Most retailer breaches are not disclosed, Gartner says

Most retailers do not disclose data breaches after they happen, Gartner says.

While nearly half of U.S. retailers have been hit with some kind of information security attack, only a small percentage of them have actually reported breaches to their customers, research company Gartner reports.

In a new study based on interviews with 50 U.S. retailers, Gartner found that 21 of them were certain they had had a data breach. However, just three of the retailers had disclosed the incident to the public.

The small number of retailers in the survey make it impossible to draw any firm conclusions from the data, but it does underscore a noteworthy trend, said Gartner analyst Avivah Litan. "Sensitive data is being stolen and most of the time it's not being disclosed," she said. "There are a lot more breaches than we hear about."

Many states now have laws that require that consumers be notified when their personal information is compromised, but the bad publicity that results from such disclosures has made retailers reluctant to make them, she said. "They see what happens to companies like TJX and Hannaford and they don't want to call attention to themselves unless they need to."

Litan didn't know whether the retailers had broken state laws by not informing their customers of the breaches, but she said it was a possibility. Some of the breaches may have happened before applicable state laws were in effect.

In 2006, data thieves were able to get access to an estimated 94 million payment card numbers by hacking TJX's computer systems. The retailer has set aside a US$107 million reserve fund to cover lawsuits from credit card issuers that stem from the breach. At the Hannaford Bros. supermarket chain, criminals stole an estimated 4.2 million account numbers after computers there were hacked. That breach was disclosed in March.

Gartner counted phishing attacks and data compromises at third parties as breaches, along with lost or stolen laptops, insider breaches and computer hacking attacks.

Litan said four of the retailers had been fined by credit card companies for not meeting Payment Card Industry (PCI) compliance requirements. Another 11 were threatened with fines for noncompliance.

Data breaches at retailers are the top cause of credit and debit card theft, accounting for about 20 percent of all incidents, Gartner said.

And this type of crime is not going away. Credit card companies predict that payment card fraud rates will double over the next two years, the research company said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?