Recently, the New York Times reported that a crime ring in Russia has “amassed the largest known collection of internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses.” The newspaper quoted data security expert Alex Holden, founder of Hold Security, as warning that hackers “targeted any website they could get, ranging from Fortune 500 companies to very small websites.”
In the last year, we have seen more data stolen from retailers than ever before. It seems as if every week we’re hearing of yet another company that might have compromised our personal data. While the Times reports that this crime ring seems to be using this data to simply hijack email and social media accounts, it does acknowledge that the sale of personal information, including Social Security numbers and other personal information, would be much more lucrative.
Dealers may think that car dealers are less likely to be targeted by hackers but I would argue that, in fact, car dealerships would be gold mines for hackers. Not only do dealerships have credit card numbers, but they also every piece of information anyone would need to essentially hijack a person’s life. The fact that there has yet to be a dealership breach reported in the national news might only be because news agencies focus on major breaches, or possibly it’s simply because hackers haven’t figured it out yet.
Regardless of whether hackers are targeting dealerships, dealers must consider that consumers do not hold the hackers accountable for data breaches of their private information. When Target was hacked, consumers were outraged that their credit and/or debit card information was compromised. Once Target discovered the culprit was an employee of an HVAC company that Target had hired and announced it to the public, consumers still didn’t care. Target is facing an uphill battle to rebuild trust and reassure its customers, all while being scrutinized by government regulators.
Wyndham Hotels experienced a similar breach when its database was compromised. In this case, the FTC intervened and sued the hotel chain, and a federal judge affirmed they have the authority to do so. We all know that the FTC is very involved in automotive sales and related consumer laws. Red flag compliance has steadily become stricter over the past 10 years. Have no doubt that the FTC will intervene in any case in which consumer personal information is stolen from a dealership DMS or CRM.
To add to the growing list of data breaches, the news site Mashable reported on August 18 that its system had been breached and hackers made off with 4.5 million patient records that included “patient names, addresses, birthdates, telephone numbers, and Social Security numbers…”
Technology has empowered businesses of today to become more efficient than ever. At the same time, it has levied a responsibility on dealerships to safeguard the data that is given to them by consumers. With states enacting data security and privacy laws, government committees arguing for legislation and retailers experiencing the wrath of consumer defection following breaches, dealerships would be wise to ensure that they have effective and compliant data security standards in place— not only within their own organizations, but also with any vendor with whom they share customer information.
The warning signs on the railroad crossing are flashing. The train is coming. Dealers need to either stop or keep going and hope they don’t get hit by the train.
Scott Joseph is the CEO of J&L Marketing.