TJX Data Breach: Ignore Cost Lessons and Weep
While monetary costs from a massive data breach are bad enough, the damage to reputation and the resulting loss of business can be considerable. The recent indictment of the TJX hackers underscores how your company may be at risk, explain security experts.
CIO — The Department of Justice's indictment of 11 people for hacking nine major U.S. retailers and the theft and sale of more than 40 million credit and debit card numbers highlights the global scope of today's hacker threat. While monetary costs are bad enough, the damage to reputation and the resulting loss of business can be considerable.
According to the Associated Press, the indictment alleges that the hackers installed programs to capture card numbers, passwords and account information, and then concealed the data in computer servers that they controlled in the U.S. and Eastern Europe.
Considerable Costs to the Business
"If you take those 41 million cards and assume a one-to-one ratio with each card to an electronic file, and multiply 41 million by the $300 plus it costs to recover the information per file, you have about $12.3 billion in costs," says MacDonnell Ulsch, director of technology risk management and privacy expert for Jefferson Wells, a global provider of professional services. That's before getting into legal settlements, civil litigation costs and so forth. "It is a big problem."
"Potential consumer backlash from this incident is another key aspect to consider," says Kevin Newmeyer, worldwide principal of strategic security and counterterrorism at Unisys. "The Unisys Security Index, for example, reveals that 70 percent of U.S. consumers are significantly concerned about someone stealing their identity and misusing personal information. These also rank as the top consumer security concerns globally."
Companies that fail to take steps to secure electronic data will face direct costs of loss of client information and perhaps, more important, the trust of their customers, notes Newmeyer. However, guarding personal information will give a business advantage in a competitive marketplace.
"How companies manage risk is critical, and the outcome can hurt financially or it can hurt their reputation, which places a long-term problem in front of a company because it will have to regain the integrity that has been taken from its customers," adds Ulsch.
An Escalating Threat
While much still remains unknown, experts believe it's likely that the global scope of this case may just scratch the surface. Some speculate that today's hacker threat may be a much larger issue that involves organized crime, international narcotics trafficking and even terrorist financing.
"It gives us a very good view into the geographic distribution, jurisdictional issues and the complexity of identity theft today, because it involves multiple nations, different types of privacy laws, and is an example of the complexity involved in pursuing the 'bad guys' who are often part of a global organized crime effort for identity theft," says Ulsch.
