A data breach can cost companies millions of dollars in lost revenue, damage control, and more. But what about indirect costs that are difficult to manage? What happens when a company’s reputation is damaged because they’ve been targeted by spoofing, phishing, ransomware, and other cyber attacks?

We’ll answer these questions. Firstly, let’s look at five of the more notorious data breaches from high-profile brands in the last 10 years.

Notable Security Breaches and the Uniform Consumer Response

1. Yahoo: In 2013 and 2014, Yahoo experienced two separate data breaches that exposed the personal data of all 3 billion of its user accounts. Consequently, the breaches had a significant negative impact on Yahoo’s reputation and led to a decline in user trust.
2. Marriott: In 2018, Marriott’s subsidiary, Starwood Hotels & Resorts, announced that it had suffered a data breach that exposed the personal data of up to 500 million guests. Consequently, the breach had a significant impact on Marriott’s reputation and led to a decline in customer trust.
3. Equifax: In 2017, credit reporting company Equifax announced that it had suffered a data breach that exposed the personal data of 143 million individuals. Consequently, the breach had a significant negative impact on Equifax’s reputation and led to a decline in customer trust.
4. Target: In 2013, Target announced that it had suffered a data breach that exposed the personal data of 40 million credit and debit card accounts. Consequently, the breach had a significant negative impact on Target’s reputation and led to a decline in customer trust.
5. Home Depot: In 2014, Home Depot announced that it had suffered a data breach that exposed the personal data of 56 million credit and debit card accounts. Consequently, the breach had a significant negative impact on Home Depot’s reputation and led to a decline in customer trust.

You’re beginning to see a pattern here, right? Consumer trust is slow to build but quick to lose.

What We’ve Learned From Big Data Breaches

If a company experiences a data breach resulting from cyber attacks, it’s important for them to take immediate steps. They must address the issue and minimize the potential damage to their reputation. Here are some steps a company can take to restore its reputation after a data breach:

1. Alert affected individuals and the public.

It’s important for a company to be transparent about the data breach and to provide timely updates to affected individuals and the general public.

2. Investigate the cause of the breach.

A company should conduct a thorough investigation to determine the cause of the breach and take steps to prevent similar breaches from occurring in the future.

3. Implement additional security measures.

In the wake of a data breach, a company should review and strengthen their security measures to better protect sensitive data.

4. Offer assistance to affected individuals.

A company should offer assistance to individuals whose personal information may have been compromised, such as offering credit monitoring services or identity theft protection.

5. Apologize and take responsibility.

A company should take responsibility for the data breach and apologize to affected individuals and the public.

6. Foster trust and transparency.

A company should be transparent about their actions and efforts to prevent future breaches, and work to rebuild trust with affected individuals and the public.

Publish a ‘Report Scam’ Page

It’s not uncommon for companies to create a page of their websites dedicated specifically to addressing reputational concerns, such as this example of what to do if you think you’ve been scammed by AnyTech365. AnyTech365 is a global provider of IT support services to businesses and individuals. Unfortunately, as it grew, it drew more attention.

No such thing as negative publicity? Not true. Cyber attacks often spoof brands like AnyTech as well as well-known brands like Microsoft, Walmart, Target and others. These companies lose billions — with a B — of dollars not only in direct losses but also from losses in reputation.

What should you include in a page dedicated to reporting fraud?

• First and foremost, consult with your organization legal department. Ask about what you can and should say to address scams that involve your organization.
  • Nothing in this article should be mistaken for legal advice. We’re presenting this for informational purposes only, based on what other companies have done to report scams.
• Be transparent about how your organization engages with the public. “Our customer service agents will never ask you for your personal information…” for example.
• Provide a dedicated email address, phone number or online form for people to report scams directly to your organization.
• Provide a link to law enforcement, such as the FBI’s Scam and Safety page.

Some Examples Might Help

Here are examples of companies that have created pages specifically for customers to report scams:

• Microsoft’s Report a Technical Support Scam
• Security and Fraud at Target
• Report Suspicious Messages to PayPal
• Report Fraud to Chase Bank

There are hundreds more examples of these types of pages. To find them, use your favorite search engine (Google, for example), and search brand + report fraud. For example, chase bank report fraud.

Don’t Get Complacent When It Comes to Fraud

It’s so easy to become numb to the cyber attacks and phishing scams that fill our in boxes and devices, isn’t it? Yet, if we don’t do anything, the scammers will continue to target us.

Consequently, take a few minutes to report suspicious messages, especially to companies that you do business with regularly.

[table id=1 /]