Do Investors Really Care About Data Breaches?

On Dec. 19th Target, the giant retailer, released a statement saying that their customers’ data had been breached.  The Wall Street Journal recently ran a front page story on the how the CEO was handling the breach.  The Wall Street Journal article states that Target clearly suffered since the article contains statements like “During the holiday-shopping season, Target’s sales and store traffic plummeted.”

Target’s stock closed on Dec. 18th at $63.07 a share.  The stock closed on Dec. 19th, after the announcement, at $61.68 per share.  The loss of $1.39 per share translated into a drop of almost $1 billion in the value of the company.  Investors appeared to take the data breach seriously.

Today, Target released their quarterly report that covered the holiday shopping season.  This report quantified exactly how much sales fell (3.8% during the quarter) and even contains a quote from the CEO stating that sales before the data breach were much higher than expected and after the data breach sales were much lower.

The verdict by traders was to push the stock up almost 7% as I write this post.  Target stock is now at $60.31, and Wall Street by its actions suggests the data breach doesn’t matter.  Since Dec. 19th Target is down 2.2%. For a comparison, Walmart’s stock is down 3.4% over the same time frame.

Why is all this important?  The rise in Target’s stock price today suggests there are little or no long-term financial consequences for a large company having a massive data breach.  It looks to me like Wall Street doesn’t care about the security of our data but if we want continued economic growth, we as a society should care.  If people can’t trust using their credit cards, they will buy less.

What is the optimal way to ensure companies treat data more carefully?  Should there be fines for every customer record lost, similar to EPA (Environmental Protection Agency) rules that fine companies based on the amount of oil spilled?  Should there be criminal penalties for companies that are lax in protecting their customers’ identities?  Do you have other suggestions?

Leave a Reply

Your email address will not be published. Required fields are marked *