It took them seven weeks to confirm it, but Ronn Torossian says that’s not nearly the worst thing wrong with the data breach at Jimmy John’s.
First, the bad. Nearly two months ago, tech watchdogs and business sites broke the news of a possible credit card breach at the Jimmy John’s sandwich chain. It took the company that long to acknowledge the breach … an infiltration of a payment vendor that impacted 216 stores. Now, that’s not to say Jimmy John’s was hiding anything. These things take time to investigate. And you definitely don’t want to come out and say, “There’s a problem, but we don’t know where or how much of one.”
When you make that statement you need to be able to answer that question. So, wisely, they waited until they had the information. It was bad news, but it could have been worse.
Well, it was … worse, that is. Not only had the breach happened, it happened over a 3 to 4 month time period in which people were going blissfully about their business, unaware they could be or were about to be victims.
And that, Torossian says, highlights the larger PR issue here. These breaches keep happening, and people often don’t hear about them until months after the fact. Had they known sooner they could have taken care of the issue and never become a victim.
That puts the onus back on ALL retailers to calm their customers’ legitimate concerns about cyber security while also enjoying the benefits brought by paying with plastic. See, retailers understand very well that people who “put it on plastic” tend to spend more. But if that easy breezy confidence goes out the window, you may find sales dropping at retailers that never had a whiff of cyber security problems.
That’s the unfortunate reality, and the growing PR problem. It’s not about a single retail victim, it’s about damaging consumer confidence and corroding consumer culture. How many breaches will it take before a large segment of society just pays cash “just in case.”
That will likely never be a majority again, but consider how many industries would be impacted if these breaches keep happening. Particularly if they happen and go unreported for months on end. It won’t be everyone, but there will be a significant percentage of the consumer population who will decide the convenience isn’t worth the risk.
Retailers need to make a concerted PR effort to stop that momentum …because the rumblings have already started.