An important component of the Company's business involves the receipt and storage of information about its customers and employees and maintaining internal business data. As a large employer and operator of retail stores and provider of pawn loans, the Company is under threat of loss due to the velocity and sophistication of security breaches and cyber attacks. These security incidents and cyber attacks may be in the form of computer hacking, acts of vandalism or theft, malware, computer viruses or other malicious codes, phishing, employee error or malfeasance, catastrophes or unforeseen events or other cyber-attacks. A security breach of the Company's computer systems, or those of the Company's third-party service providers, including as a result of cyber attacks, could cause loss of Company assets, interrupt or damage its operations or harm its reputation. In addition, the Company could be subject to liability if confidential customer or employee information is misappropriated from its computer systems. Any compromise of security, including security breaches perpetrated on persons with whom the Company has commercial relationships, that results in the unauthorized access to or use of personal information or the unauthorized access to or use of confidential employee, customer, supplier or Company information, could result in a violation of applicable privacy and other laws, significant legal and financial exposure, damage to the Company's reputation, and a loss of confidence of the Company's customers, vendors and others, which could harm its business and operations. Any compromise of security could deter people from entering into transactions that involve transmitting confidential information to the Company's systems and could harm relationships with the Company's suppliers, which could have a material adverse effect on the Company's business. Actual or anticipated cyber attacks may cause the Company to incur substantial costs, including costs to prevent future attacks and investigate actual attacks, deploy additional personnel and protection technologies, train employees and engage third-party experts and consultants. Despite the implementation of significant security measures, these systems may still be vulnerable to physical break-ins, computer viruses, programming errors, attacks by third parties or similar disruptive problems. The Company may not have the resources or technical sophistication to anticipate or prevent rapidly evolving types of cyber attacks.
The Company's customers provide personal information in one of three ways: (1) when conducting a pawn transaction or selling merchandise, (2) when conducting a background check in connection with releasing or selling firearms, and (3) when conducting a retail purchase whereby a customer's payment method is via a credit card, debit card or check. While the Company has implemented systems and processes to protect against unauthorized access to or use of such personal information, there is no guarantee that these procedures are adequate to safeguard against all security breaches or misuse of the information. Furthermore, the Company relies on encryption and authentication technology to provide security and authentication to effectively secure transmission of confidential information, including credit card information and other personal information. However, there is no guarantee that these systems or processes will address all of the cyber threats that continue to evolve.
Lastly, the regulatory environment related to information security and data collection, retention, use and privacy is increasingly rigorous, with new and constantly changing requirements applicable to the Company's business, and compliance with those requirements could result in additional costs. These costs associated with information security, such as increased investment in technology or investigative expenses, the costs of compliance with privacy laws, and fines, penalties and costs incurred to prevent or remediate information security or cyber breaches, could be substantial and adversely impact the Company's business.
The Company uses a combination of hardware systems, software systems, internal information technology specialists and third party service providers to assess and mitigate cyber security threats. Even if the Company is fully compliant with legal standards and contractual or other requirements, it still may not be able to prevent security breaches involving sensitive data. The sophistication of efforts by hackers to gain unauthorized access to information technology systems continues to increase. Breaches, thefts, losses or fraudulent uses of customer, employee or Company business data could cause employees and customers to lose confidence in the security of its systems including the point-of-sale system and other information technology systems and choose not to do business with the Company. Such security breaches also could expose the Company to risks of data loss, business disruption, litigation and other costs or liabilities, any of which could adversely affect the business.