Shoppers blame retailers for data breaches, Congress blames Target

The finger pointing continues regarding the spate of data breaches at U.S. retailers, and the message going forward is that both the government and shoppers place the blame squarely on merchants.

Sixty percent of U.S. shoppers aware of any data breaches blame retailers for the incidents, according to a study conducted by Harris Poll on behalf of Feedzai in January 2014, when news of security breaches at retailers was prominent.

Among U.S. adults who are aware of any data breaches, 60 percent believe merchants are responsible for preventing future incidents, while 13 percent think responsibility falls on banks.

Only 5 percent of these adults feel it is the consumer's responsibility and a good many think the government should be doing more to protect their data: 13 percent say the government is most responsible.

But government is inclined to blame retailers, as well. A U.S. Senate report released this week points out the many missed opportunities Target (NYSE: TGT) had to stop the data breach that ultimately forfeited information from roughly 110 million shoppers.

The report from Democratic staff on the Senate Commerce Committee suggests that Target missed a number of opportunities along the kill chain. Among the failures attributed to Target is its granting access to a third-party vendor that did not follow accepted security practices, failure to respond to multiple automated warnings and a failure to isolate the most sensitive network assets.

There's a good deal of background information (even a timeline) in the report to help Congress better understand the nature of the breach and the kill chain, and a brief synopsis of how Target did not do enough to thwart the attacks at various stages along the kill chain, in spite of being PCI compliant.

Government isn't the only entity to blame Target, even banks are getting in on the action. A lawsuit filed Wednesday in Chicago federal court against Target and Trustwave Holdings, a provider of credit card security services, claims the defendants failed to properly secure shopper data.

The complaint filed by Trustmark National Bank and Green Bank NA, seeks unspecified damages of at least $5 million but said losses could top $1 billion for card issuers and $18 billion for banks and retailers, reports the Chicago Tribune.

For more:
-See this Feedzai study
-See this Chicago Tribune story

Related stories:
Sally's data breach possibly affected up to 280,000 customers
More Target trouble: Jobs slashed amid reports the breach could have been prevented
Target invests $5 million in security education, offers free credit monitoring to customers for 1 year
Target: Timeline of a data breach
Target admits encrypted PIN data was stolen in data breach