Consumers Take Their Business Elsewhere After a Data Breach

A new survey reveals that two-thirds of US adults would not return to a business if their personal information were stolen
A new survey reveals that two-thirds of US adults would not return to a business if their personal information were stolen

But a new survey reveals that two-thirds of US adults would not return to a business if their personal information were stolen – and provides insight into what types of businesses consumers would most likely stop patronizing if their confidential information was stolen.

“With every data breach comes a cost, including lost productivity, a damaged reputation, and most importantly, decreased revenue when customers take their business elsewhere,” said John Otten, marketing manager at Cintas, which commissioned Harris Interactive to carry out the survey. “This research confirms that by failing to make security a priority, businesses can discourage once-loyal customers from returning. It could also stop potential customers from ever patronizing your business.”

When asked which types of organizations patrons would stop doing business with if their personal data were compromised, respondents named banking, healthcare and lawyers as being under the most scrutiny. More than half (55%) said that they would change banks, which is no surprise. And 39% said that they would get a new lawyer. But healthcare is really under the gun for consumers, likely because of the sensitive nature of the personal information that could be compromised: 46% said that they would switch insurance companies, 42% would go to a different drug store/pharmacy and 40% would get a new doctor or dentist. A full 35% said that they would not return to their hospital.

Charitable giving was another at-risk area for brand impact after a breach. Consumers want to know their money is safe and going to where it is intended when they give to a cause. Accordingly, 38% said they would donate to a different charity/non-profit organization, while 24% said that they would no longer donate to their alma mater or another educational institution they attended in the event of a breach.

The survey comes as data breaches continue to be reported, and are being perpetrated via a number of vectors. And yet, organizations’ responses persist in their lack of brand-equity damage control. For instance, 729,000 patients’ data may have been compromised after two password-protected laptops were stolen on October 12 from Alhambra Hospital Medical Center (AHMC) in Alhambra, Calif. The laptops had been guarded and gated by a security team with video surveillance, but the thieves made off with them anyway.

The Los Angeles Times reported that the breach included patient Social Security numbers as well as their names, Medicare/insurance identification numbers, diagnosis/procedure codes and insurance/patient payments.

The breach affects AHMC patients that were treated at Garfield Medical Center, Monterey Park Hospital, Greater El Monte Community Hospital, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center. “We regret any inconvenience or concern this incident may cause our patients,” AHMC said – which, given the survey results, is unlikely to cut it with its consumers.

Meanwhile, a former Broward Health Medical Center employee took documents containing the personal information of nearly 1,000 patients from the Fort Lauderdale health system, it said this week. The records contain names, addresses, dates of birth, insurance policy numbers and the reasons for visiting – a potential jackpot for identity thieves.

According to the Sun Sentinel, about 960 patients, treated between October and December 2012 at Broward Health's main facility, are being notified via letters. These simply alert them that their registration documents had been "inappropriately removed."

What’s hot on Infosecurity Magazine?