What Happens to Customer Loyalty After an E-Commerce Site Data Breach?

One of your biggest concerns when running an e-commerce site through WordPress should be cybersecurity. Handling customers’ sensitive information — like home addresses and credit card numbers — means people will hold your business accountable in the event of a data breach. How do hacks affect customer loyalty, and how can you win them back after one occurs?

The Fallout

An e-commerce data breach is not good for a brand’s image. Following Facebook’s Cambridge Analytica scandal in 2018, just 28% of the site’s users believed the company was committed to privacy, down from a high of 79% the year prior. Overall, customer confidence in the social media giant fell by 66% because of the attack.

Target experienced a significant decrease in consumer spending after its 2013 data breach. After cybercriminals stole millions of credit and debit card records from the retail store, customers were understandably wary about continuing to shop there.

According to a report from Cisco, 22% of breached businesses lose customers, with 29% losing revenue as a result. Of the companies that take a financial hit, 38% part with over one-fifth of their earnings.

Recovering from an e-commerce data breach can be especially costly because, in addition to the lost revenue, you must also pay a cybersecurity team to identify how the attack happened and devise a way to prevent future problems. It’s in your best interest to prevent a data leak altogether.

How to Maintain and Regain Loyalty After a Breach

Despite your best efforts, your business might still become a data breach victim. One of the best ways to retain your customers when this happens is to assure them you take security very seriously.

Send your customers and investors an apologetic email letting them know what happened. In the message, detail the safety measures you’ll be implementing in response to this incident. Strong website security includes several components.


Only Collecting Necessary Data

The less customer data you handle, the lower the likelihood of misplacing it. Take only what you need. Additionally, you should inform people that your site uses cookies and give them the chance to opt out. Explain which types of information your website stores and how you use it.

Informing people about your use of their data creates a relationship of transparency and trust. Depending on your geographic location, laws like the General Data Protection Regulation (GDPR) may even mandate it.

Implementing MFA

Multifactor authentication (MFA) prompts people to use a one-time code — usually texted to their phone or sent in an email — alongside their username and password when logging in. In 2021, 79% of people reported having used MFA when logging in to websites.

Although it presents a slight inconvenience to anyone in a hurry, MFA is a massive roadblock for would-be hackers. Even if a threat actor steals someone’s login credentials, they would also have to hack into their email account or cellphone to log in to your site.

It’s a highly effective technique. MFA is a visible security measure showing customers you care about their safety.

Using the TLS Protocol

Use the Transport Layer Security (TLS) protocol to make your website even more secure. It encrypts the connection between your servers and clients’ computers and verifies your server’s identity through its certificate, so a customer’s data goes to the site it was meant for and can’t be read by anyone who intercepts it along the way.

Some computers won’t even let users visit unsecured sites — the screen will tell people the website is unsecured and prompt them to go back. Sites with a TLS certificate display a padlock symbol next to the URL, putting visitors’ minds at ease.

Monitoring Network Activity

Security software like Security Ninja can alert you to any suspicious activity on your site. For example, the software will notify you if someone tries to log in from a new device or a different location. You can also get alerts if people try to make unusually large purchases. Keeping an eye on network traffic makes you more likely to notice a potential data breach before things get out of hand.
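
The alerting rules described above can be sketched as follows. This is an added example, not Security Ninja's code: the event fields, the per-user baseline and the 5x-median purchase threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events (not real data), in chronological order.
EVENTS = [
    {"type": "login", "user": "alice", "device": "dev-a1", "country": "US"},
    {"type": "purchase", "user": "alice", "amount": 40.0},
    {"type": "purchase", "user": "alice", "amount": 55.0},
    {"type": "purchase", "user": "alice", "amount": 35.0},
    {"type": "login", "user": "alice", "device": "dev-a1", "country": "US"},
    {"type": "login", "user": "alice", "device": "dev-x9", "country": "US"},
    {"type": "login", "user": "alice", "device": "dev-x9", "country": "BR"},
    {"type": "purchase", "user": "alice", "amount": 900.0},
    {"type": "login", "user": "bob", "device": "dev-b1", "country": "DE"},
    {"type": "purchase", "user": "bob", "amount": 2000.0},
]

MIN_HISTORY = 3      # assumed: purchases needed before a baseline exists
LARGE_FACTOR = 5.0   # assumed: alert above 5x the user's median purchase


def detect(events):
    """Return (event_index, user, reason) alerts for a chronological event list."""
    devices = defaultdict(set)
    countries = defaultdict(set)
    amounts = defaultdict(list)
    alerts = []
    for i, ev in enumerate(events):
        user = ev["user"]
        if ev["type"] == "login":
            # First login only seeds the baseline; nothing to compare against yet.
            first = not devices[user]
            if not first and ev["device"] not in devices[user]:
                alerts.append((i, user, "new_device"))
            if not first and ev["country"] not in countries[user]:
                alerts.append((i, user, "new_location"))
            devices[user].add(ev["device"])
            countries[user].add(ev["country"])
        elif ev["type"] == "purchase":
            history = amounts[user]
            if len(history) >= MIN_HISTORY and ev["amount"] > LARGE_FACTOR * median(history):
                alerts.append((i, user, "large_purchase"))
            history.append(ev["amount"])
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Bob's 2000.0 purchase raises no alert because he has no purchase history yet, so a rule like this needs a separate check, such as a fixed ceiling for new accounts, to cover users without a baseline.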

Be Honest

Let customers know exactly how the data breach occurred, who it affected and how your actions led it to happen in the first place. Explain its true scope and severity.

Above all, do not try to cover the data breach up. In addition to losing customer loyalty if people find out, you may also face steep legal fees, as Uber found out in 2018 when it paid a $148 million settlement for trying to hide one. Honesty is the best course of action.

Regrouping After an E-Commerce Data Breach

Although a data breach will almost certainly affect customer loyalty, it isn’t necessarily a disaster. Eventually, as people learn to trust your business again, you’ll start earning the loyalty of new customers and even regaining some of your old ones.

The best thing to do immediately after a breach is to assure people you’re taking strong security measures — and then implement them. Be honest about the incident and apologize to everyone it affected. With any luck, improving your cybersecurity will prevent future issues and you’ll be back on track to having a loyal customer base.
