The customers’ data has emerged as a critical resource for fashion companies in today’s evolving business landscape. Fashion retailers gather ample of customers’ personal information such as email addresses, phone numbers and social media handles to understand consumer behaviour, predict trends and enhance their marketing strategies. This data enables retailers to provide personalised recommendations, targeted ads and seamless customer experiences.
However, with growing consumer awareness about privacy, data misuse and cybersecurity breaches, fashion retailers worldwide face the challenge of balancing business needs with responsible (and ethical) data management.
VF Corporation recently faced a severe data breach that created a stir in fashion business. In March 2023, fashion retailer Forever21 experienced a data breach compromising the personal information of nearly 5,39,000 people. More recently, leading denim brand Levi’s reported a data breach, while the reputed footwear brand Shoe Zone also fell victim to a cyberattack.
Challenges faced by Indian fashion retailers and consumers in data security
In this digital age, cybercriminals often target businesses, fashion retail in particular, to gain access to customer data, leading to breaches that can harm the brand’s reputation and customer trust. The collection of sensitive information such as customers’ payment details – credit cards, debit cards and UPI amongst other mediums – has become an attractive target for hackers. According to several reports, in 2023, approximately 2.30 billion personal data records were compromised in data breaches worldwide, with India being one of the most impacted nations, where hackers targeted healthcare and retail sectors particularly.
For example, e-commerce retailer Zivame experienced a breach that exposed the personal data of over 1.5 million customers. Similarly, Kewal Kiran Clothing, one of India’s leading apparel retailers, suffered a data breach impacting 1.3 million customers. Another major incident involved Aditya Birla Fashion and Retail Limited (ABFRL) that faced a severe data breach a couple of years ago where personal details such as names, phone numbers, addresses, order histories and credit card information of 5.4 million customers were leaked through its online portal and were made public by hackers.
A leading password protection company NordPass recently reported that nearly 730 retail companies experienced data leaks between 2019 and September 2023. These breaches not only cause financial disruptions – such as unfulfilled orders, operational downtime or ransom demands – but also severely damage brand reputation, eroding customer trust and loyalty.
Each data breach cost an average of US $ 4.45 million (approximately Rs. 37 crore) in 2023, according to IBM, bringing the estimated cost of data breaches over the year to US $ 13.89 billion (approximately Rs.115,287 lakh crore).
How fashion retailers ensure data security
India is amongst one of the countries that are introducing stringent data privacy laws such as the Personal Data Protection Bill. Fashion retailers are also ensuring compliance with these acts and regulations. The implementation of the Digital Personal Protection act in India highlights retailers’ efforts in safeguarding their customers’ data. The legislation imposes stricter regulations on data handling and brings greater transparency that helps retailers mitigate privacy risks and gain customer trust in this digital ecosystem. Leading Indian fashion brands like Fabindia have adopted privacy-centric practices, including clear consent-based data collection, to ensure compliance with local laws and build customer trust.
Encryption and Tokenisation is another step taken up by fashion retailers that helps them convert customer data into encrypted and undetectable code. This ensures the information remains safe even if breach occurs from unauthorised parties or hackers. Tokenisation replaces sensitive data with random tokens, making it impossible to reverse-engineer information or a pool of dataset. Large Indian retail conglomerates such as Reliance Retail and Tata Trent use encryption tools to secure customer data during payment processes and on their digital platforms.
Many retailers now require customers to go through additional verification steps – Two-Factor Authentication (2FA) – such as OTPs (one-time passwords), when logging into accounts or making transactions. This step significantly reduces the risk of unauthorised access to customers’ database. E-commerce bigwigs Myntra and Ajio have implemented OTP-based two-factor authentication for both website and app users, ensuring safe login processes.
Furthermore, fashion retailers such as ABFRL have started conducting frequent audits and hiring ethical hackers or partnering with cybersecurity firms to identify vulnerabilities (in real-time) in their systems. These preventive measures help brands stay ahead of cyber threats.
Retailers like Zivame and Pantaloons require explicit consent before sending promotional content to ensure that customers are comfortable with the communication. On the other hand, some retailers run campaigns to educate customers about phishing attacks and safe online practices. This enhances overall cybersecurity awareness.
Ethical data use and transparency
Many brands now emphasise responsible data use, ensuring they communicate their privacy policies effectively to customers. Transparency about how data is used creates trust and helps consumers to be in control. For example, Nykaa and Arvind Fashions offer detailed privacy policy documents and periodic alerts to inform customers about new data practices and policy updates.
“I believe the intersection of technology and consumer behaviour necessitates a proactive approach from retailers, balancing innovation with ethical considerations. Embracing digital advancements while prioritising data privacy and security will not only enhance the retail experience but also foster long-term consumer loyalty and trust,” commented Satish Panchapakesan, Group CIO, Arvind Fashions.
Can retailers build trust through better communication?
It’s no longer enough to implement security measures; brands must also effectively communicate their efforts to reassure customers. Retailers must use several strategies to maintain trust such as sending alerts when suspicious activities are detected, allowing customers to act quickly!
For example, when ABFRL experienced a breach affecting customer and employee data, its affected users reported receiving notifications about the breach through the breach tracker platform Have I Been Pwned rather than directly from the company.
Similarly, Zivame, a women’s apparel retailer, had customer data exposed, but the breach raised questions about whether customers were adequately informed by the brand itself.
While Indian brands have begun adopting better security protocols, there are limited reports confirming if these companies send proactive alerts directly to customers when suspicious activity is detected. Many customers depend on third-party services like Have I Been Pwned or financial institutions for alerts related to breaches involving payment data.
“While regulatory and security measures act and the management of first-party data offer some degree of assurance, they do not provide absolute protection against privacy breaches. The anonymous nature of online interactions poses challenges, as users inadvertently leave digital footprints that could potentially be exploited by malicious entities,” averred Satish.
Recently, Team Apparel Resources conducted a survey with over 50 tech leaders from the Indian fashion retail industry, gathering insights on how they have transformed the retail landscape. Surprisingly, none of the leaders mentioned efforts related to data security – an area that has evolved from a back-end function to a critical component of customer experience.
As consumers become increasingly aware of privacy issues, the pressure on retailers to adopt robust data security measures grows. Retailers must proactively enhance the protection of customer data, as the future of retail hinges on striking a balance between technological innovation and ethical responsibility.
