A Tale Of Two Cyberheists

I got the email from Target the other day and had to smile. For weeks I've contemplated and debated about how consumers might react to the breach. But I never once thought about how I felt about it -- not until the apology from Target CEO Gregg Steinhafel landed in my inbox.

He told 110 million of my closest friends and that our credit card information and/or our names, addresses, phone numbers, and email addresses may have been stolen. Then he assured us that he was really sorry about it. How did it make me feel? Like many others, I didn't much care. I read it. I shrugged. And then I made a note to take Target up on its offer of a year of free credit monitoring. I haven't signed up yet, but I'll get around to it -- right after I straighten out the workbench in the garage.

Contrast that with the hailstorm that SnapChat has endured since hackers snatched 4.6 million members' usernames and phone numbers from the photo and video messaging service. The Target heist affected many more people -- 23 times more, to be exact -- and it involved more data per customer. But SnapChat will be stinging much longer than Target. The reason: Target sustained what consumers see as a security breach, while SnapChat's is a privacy violation.

[For the latest on the Target breach, read Target, Neiman Marcus Malware Creators Identified.]

The two e-burglaries underscore the distinction between how consumers view online privacy and security -- and the vast difference in their expectations for how companies should handle the information in each bucket. If credit card information and related transactional data is compromised, consumers expect companies to make it right. But with information they regard as private, they expect companies to keep it private. Period. End of story.

Understanding the distinction is critically important these days. Marketers are beginning to assume that people in their target audience are carrying smartphones. Their demand for personal information is skyrocketing. They want to know where consumers are and what they're doing so they can deliver timely, relevant messages. At the same time, consumers are growing more wary with each new privacy violation.

Confounding the problem is that consumers may see the same data differently, depending on the context. If hackers invade Lowe's, for example, consumers would likely view that as a security breach. The credit card will be replaced. If the hackers learn where they live and that they're the proud owners of a new garden hose, they can live with that. Very different story, though, if hackers poach another database and learn that they bought hose attachments at an online sex shop. (No mail please -- I'm not even sure if that's possible!)

That's why the Target and SnapChat breaches elicited such polar responses. Thanks to the Target heist, there are unsavory types out there who know millions of consumers may have purchased dishes, pillow shams, or a box of crackers at Target. Yawn. With the SnapChat break-in, the hackers might know, well, you know.

To be sure, the holiday raid is costing Target millions. Sales slumped during the critical shopping season as customers bought gifts elsewhere while waiting for the company to sort things out. But while Target lost sales, it didn't lose customers. Generally speaking, consumers aren't abandoning Target. So it's in much better shape than SnapChat in that regard.

Overcoming consumers' privacy concerns is a critical topic for digital marketers, one that we'll be exploring at the MarketsofOne TechSummit in April. The summit's focus is how to drive the transition from targeting markets of millions to millions of markets of one. Check it out.

Meantime, marketers who see pots of gold at the end of the contextual awareness rainbow will need to step gingerly, because this is clearly a matter of privacy, not security. The prospects for winning big are clear. But they need to be transparent about the data they want to collect, and what's in it for consumers. They need to keep in mind that the more consumer data they have, the more they'll need to protect. If they don't, the backlash may be paralyzing -- even fatal.

Mike Feibus is principal analyst at TechKnowledge Strategies, a Scottsdale, Ariz., market research firm focusing on mobile client technologies. You can reach him at [email protected].

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)