Management Information Systems Quarterly


Data breaches are a major threat to organizations from both financial and customer relations perspectives. We developed a nomological network linking post-breach compensation strategies to key outcomes, namely continued shopping intentions, positive word-of-mouth, and online complaining, with the effects being mediated by customers’ justice perceptions. We conducted a longitudinal field study investigating Target’s data breach in 2013 that affected more than 110 million customers. We examined customers’ expectations toward compensation immediately after the breach was confirmed (survey 1) and their experiences after reparations were made (survey 2). Evidence from polynomial regression and response surface analyses of data collected from 388 affected customers showed that customers’ justice perceptions were influenced by the actual compensation provided as well as the type and extent of compensation an organization could and should have provided (i.e., customers’ compensation expectations). Interestingly, both positive and negative expectation disconfirmation led to less favorable justice perceptions compared to when expectations were met. Justice perceptions were, in turn, associated with key outcomes. We discuss implications for research on data security, information systems, and justice theory.