Retailer Breaches Not Disclosed
According to a new report from Gartner, many retailers have not reported data breaches to their customers. The study found that 21 of the 50 retailers interviewed have had a data breach, but only 3 of these 21 breaches had been disclosed to the public.
The sample size for the survey is too small to draw firm conclusions about the industry as a whole, but it does highlight a troubling pattern. Gartner analyst Avivah Litan says:
“Sensitive data is being stolen and most of the time it’s not being disclosed. There are a lot more breaches than we hear about.”
This touches not only on the importance of consumer trust, but also on a lack of compliance with data breach regulations that require consumers to be notified. Companies have noticed the bad press that results from such data breach notifications, and they don’t want to call the same attention to themselves.
The survey did not make clear whether the retailers surveyed had broken state laws by not informing customers, but Litan said it was a possibility. Four companies have been fined by credit card companies for not meeting Payment Card Industry compliance requirements, and another 11 were threatened with fines.
In other retailer news, a survey shows that most retailers using card payment technology will not be ready to meet the PCI-DSS Section 6.6 deadline of 30th June. This deadline requires merchants to have a firewall to protect web applications or to have completed a web application software code review to ensure vulnerabilities are patched. The main reason behind the inability to meet the deadline is that retailers don’t understand what they need to be doing, which undermines the purpose of the new legislation.
Via PC World, Finance Week



