Home Depot: analyzing the costs of a data breach

Cost of the Home Depot Data BreachLast Friday, we compared the recent Home Depot data breach to that of Target in 2013. While the Target breach was big, it appears the Home Depot breach is even bigger.

NPR put it this way: “If Target’s breach is any indication, the fallout from the Home Depot breach could be severe.”

Could be? Well that’s a touch optimistic.

What exactly does “severe” mean?

It means scrambling to repair trust. Frank Blake, chairman and CEO of Home Depot, released a statement apologizing for the frustration and anxiety the breach has caused customers and thanking them for their patience as the company works to resolve the issue.

Not an easy statement to make. A large-scale data breach compromises customer trust and damages the company’s reputation; it also brings personal stress and humiliation down on company decision-makers as they hustle to put out the fires.

It means offering free services. Home Depot announced they’re going to provide “free identity protection services to customers who may have been affected by the breach… including credit monitoring.” It may be the least they can do, but it’s not free. Delivering fraud detection services to millions of customers entails a remarkable financial and organizational investment.

It means watching shares drop. No matter how well Home Depot responds, shareholders shy away at times like these. In this case, the company’s shares “are down about 3 percent since Tuesday, and they fell 42 cents to $90.40 in Monday aftermarket trading.”

It means  losing your job. After the Target breach, that company’s CIO and CEO both resigned. “I would think if you’re a member of the board of directors, somebody has to be the sacrificial lamb for this,” said Forrester analyst John Kindervag about Home Depot.

Prophetic words? Back in August, just before the breach was announced, Home Depot told the world that Blake would be leaving on the first of November.

It means heading into lawsuits. You may recall from last Friday’s post that most of the $148 million fallout from the Target breach went toward claims resolution. Home Depot is just beginning its own litigation journey: on Tuesday, a customer filed a lawsuit in a Chicago federal court on the grounds that the company failed to protect their customers properly.

But that’s it, right?

No. This is not a comprehensive list by any means, though it does provide at a least a glimpse of what Home Depot will be facing over the next twelve months, if not longer.

What can we learn from this story? Is there anything Home Depot could have done differently? We’ll answer that question on Wednesday, in our fourth and final post of this series.

Leave a Reply