User compensation as a data breach recovery action: a methodological replication and investigation of generalizability based on the Home Depot breach

In the aftermath of data breaches, many firms offer compensation to affected customers to recover from damaged customer sentiments. To understand the effectiveness of such compensation offerings, Goode et al. (2017) examined the effects of compensation offered by Sony following the PlayStation Network breach in 2011. Although Goode et al. (2017) present key insights on data breach compensation, it is unclear whether their findings generalize beyond the context of subscription-based gaming platforms whose customers are young and experience substantial switching costs. To address this issue, we conducted a methodological replication in a retail context with low switching costs.

In our replication, we examine the effects of compensation offered by Home Depot in the aftermath of its data breach in 2014. Home Depot is the largest home improvement retailer in the US and presents a substantially different context. Data were collected from 901 participants using surveys.

Our results were consistent with the original study. We found that in retail breaches, effective compensation needs to meet customers' expectations because overcompensation or undercompensation leads to negative outcomes, such as decreased repurchase intention.

Our study provides insights into the effectiveness of compensation in the retail context and confirms the findings of Goode et al. (2017).