Help us learn more about you and your job. Take our short audience survey now for a chance to win a $25 Amazon gift card.
In recent weeks, both StockX and Poshmark have reported sizable data breaches, alerting customers through blog posts that their data could potentially be compromised. Both brands, so far, said unknown third parties are responsible for the respective breaches.
Many brands from Forever 21 to Under Armour have fallen victim to these situations since early 2018, and the costs for the brands can be massive. The average cost of a data breach to a company in the U.S. is about $8.19 million, according to a report from Ponemon Institute and IBM Security.
Part of it comes down to how a brand handles the breach and informs customers of what happened, said Vic Drabicky, founder and CEO at digital marketing agency January Digital. If a brand is upfront and honest, he said, then customers are more likely to forgive and move on.
“Generally, consumers have a pretty short rearview mirror when it comes to their security and those sorts of things. They’re outraged for about half a day, and then they go back to other things. That said, it’s important that the brand properly supports and protects them, and maintains that trust otherwise they aren’t likely to forget,” Drabicky said.
Poshmark, for example, started notifying U.S. users of the breach on Aug. 1 via email and published a note on the brand’s blog that same day. In the post, the brand said it recently discovered what had happened but did not share specifics on the timeline. Some users’ profile information, including their username, first and last name, gender and city, was involved, as were email addresses, size preferences and social media profiles.
“Our community is our No. 1 priority, and we sincerely regret any concern this may cause,” said a spokesperson for the brand in an emailed statement.
StockX, on the other hand originally emailed customers telling them to update their passwords due to “system updates.” TechCrunch later reported that the email was actually in response to a massive data breach. TechCrunch reported that 6.8 million records were stolen sometime in May, including names, email addresses and more.
In a blog post published by the company on Saturday, StockX said that as soon as the company learned of the breach, it immediately launched a forensic investigation. “At this time, an investigation is still underway. The statement released by StockX includes all information we are able to share at this time. We will update our customers when we have more details we can confirm,” the company said in an emailed statement to Glossy.
Not only can the financial costs be high, but depending on the size of the breach there can be long-lasting effects on the brand’s reputation and customer loyalty. A 2016 study from advisory firm KPMG found that 19% of customers said they would stop shopping with their favorite brands and retailers in the event of a data breach. Additionally, 33% said that they would avoid shopping with breached companies for at least three months after the incident, out of concern for the security of their personal data.
For StockX, the impact could fall into that bucket, Drabicky said. “It was two months ago that the hack actually happened. People have confirmed that the data was actually stolen and that it could be purchased, and confirmed that the stolen data was valid, as well, which makes it all a little bit worse,” he said. With major competition in the sneaker resale space from brands like Stadium Goods and GOAT, an event like this could prove especially damaging for StockX.
Edward Scott, CEO of information and technology services company ElectrifAI, said, moving forward, StockX, Poshmark and all brands in general need to put security at the center of the brand, something that is constantly discussed internally and externally. Otherwise, he said, all brands leave themselves susceptible to these types of attacks.
“Right now, for many companies, security may still be a bit of an afterthought, but it actually needs to be a central focus of the C-suite. You don’t have to be perfect all the time, but customers have to know that this is front and center to your brand, and, therefore, you are worthy of their trust,” said Scott. “Companies that are not transparent and are not openly and honestly having these conversations are going to be the companies that are going to suffer.”