In the same year as one of the largest data breaches in history, the misuse of breached consumer data hit a record high, raising the issue of data breaches into the public consciousness following years of complacency among businesses and indifference among consumers regarding data usage, storage and security, according to a report from Javelin Strategy & Research. This article is copyright 2014 The Best Customer Guide.

The report, entitled 2014 Data Breach Fraud Impact Report, examined consumers' current attitudes and behaviour toward companies that have exposed their customers to a data breach and found that, when things go wrong, consumers subsequently tend to avoid retailers the most - especially small online merchants and alternative payment providers - compared with other industries.

The report also compared two significant data breaches from recent history - TJX and Target - to uncover the key lessons and strategies for stakeholders when responding to data breaches as they try to maintain their reputations and retain the loyalty of customers.

Honesty is definitely the best policy, the report noted, finding that customer notifications that describe in detail how a breach occurred can bolster an organisation's claims that they have corrected the security vulnerability that enabled the breach to occur, restoring some degree of confidence among consumers.

Retailers are most likely to be targeted by criminals for their payment card data, resulting in a higher fraud rates. Coupled with insufficient detailed notifications about the data breaches, Javelin found that after a data breach, consumers tend to avoid retailers the most, followed by banks and credit card issuers.

"The changing nature of data breaches is not lost on affected consumers as they are punishing organisations that they perceive to have failed to protect their information and identity," said Al Pascual, Javelin's senior fraud and security analyst. "Unfortunately, their perception may not always match reality as they lay blame at the feet of the notifying organisation even if it was not the one that was breached."