What Are Big Box Stores Doing to Protect Your Data?

It doesn’t seem that big box stores are doing enough to protect their customers’ data. Over the last few years, there have been a terrifying number of data breaches in the US. Oftentimes such breaches occur at big box stores. Target and Walmart have most notoriously fallen victim. But the problem doesn’t just end with these retail giants; it is extended through a marketing web that includes social media networks and credit card companies. It seems thatーother than obvious, long-past due fixesー, big box companies aren’t doing anything to protect your data. Instead, they’re spreading it.


Big box stores do seem to be improving their online POS systems after realizing the danger they were putting customers in. POS’s, or point of sale systems, are the machines on which transactions occur. For years they were out-dated, and their updating was necessary. Cyber criminals targeted outdated POS’s by installing malware on them that stole consumer data. This change in POS is clearly a welcomed one, but for many the damage has already been done. With credit card information on the loose, identity theft runs rampant and the cost of recovery runs upwards of thousands of dollars in some cases.

Encryption is also standard operating procedure for most big box stores now. But the fact that they weren’t encrypting data all along is puzzling to say the least. Keeping giant databases of consumer credit card numbers and other personal data in plain text is just asking for trouble. It’s good that encryption is finally being utilized, but why did it take so long?


Big box stores may be taking minor steps in keeping your data away from hackers, but that doesn’t mean they want to keep your data private. These stores are in the business of making profit, and sharing your data with other cogs in the marketing machine inflates their chances of earning your dollar. A simple shopping trip or online spree at a retail giant could potentially trigger a domino effect that sees your data being spread far and wide.

Picture buying groceries at your local grocer retailer. The cashier says you can save 10% if you sign up for the store’s card or rewards program, and you decide to go through with it. You provide the cashier you name, phone number, and email address, save 10% and leave the store satisfied with your savings.

The big box store takes your name, phone number, email address, and information from the credit card you used to make your purchase, and stores them together in a database–information entered in-store as well as online share the same database. That database may or may not be encrypted, but even if it is, the store holds the key to the encryption and can access your data. It may be safe from hackers, but the store is not hiding it from everyone. In fact, they’re sharing it with a lot of people. One way this happens is through data co-ops. A data co-op is a grouping of retailers or companies who exchange consumers’ personal information and purchasing habits with each other. This allows the retailers to more effectively market towards you without you even being consciously aware in the process.

Another recipient of your data could be a data matching service, who takes the data shared with them from a company’s database and pairs it with Facebook profiles. If your profile is matched, you’ll likely begin seeing targeted ads on Facebook that are reflective of your big box store purchases. The machine stretches even farther than this, but the pattern is the same. The store you gave information to is giving it to others.


Unfortunately, the nature of modern day marketing means that you are limited when attempting to safeguard your data. But there are steps you can take. When going to big box stores, pay with cash whenever possible. If the store wants your personal information, don’t be so fast to give it to them. Ask questions about why they need it and how they’ll use it.

When shopping with big box stores online, encrypt your internet traffic with a VPN from IPVanish, the leading VPN service provider on the market. Additionally, look for a locked padlock in the address bar to the left of the site URL as an indication of site security and disable cookies.