Estimates Put T.J. Maxx Security Fiasco At $4.5 Billion
The data breach at the major retailer will cost the company $100 per lost record, according to database security firm IPLocks.
The security breach at TJX Companies Inc. could cost the company $100 per lost record, or a total of $4.5 billion, according to the calculations of a database security company.
IPLocks, a compliance and database security company, is basing the estimate on the accumulated costs of fines, legal fees, notification expenses and brand impairment, according to Adrian Lane, the company's chief technology officer. He added that $100 per lost record is an average figure for major data breaches, but they calculated expenses particular to TJX and came out with the same figure.
The Ponemon Institute, a think tank focused on record privacy and data protection, expects the TJX breach costs to be even higher. They cite costs in the range of $182.00 per record, based on research from November 2006 of the cost of breaches incurred in 31 separate incidents. For TJX, this translates to $8.6 billion.
"The effectiveness of the people who stole the information is critical here," said Lane in an interview with InformationWeek. "They did it for a long time. They sold [the stolen information] out to multiple sources. Those credit card numbers are showing up in foreign countries. This is not just a U.S. security breach anymore."
The MBA also said in a release that the Connecticut Bankers Association, the Maine Association of Community Banks, and individual banks are joining as co-plaintiffs. Together, the three associations represent nearly 300 banks. Other banks can still join the suit.
TJX is the parent company of T.J. Maxx, Marshall's, HomeGoods, and other retailers. The security breach, which was announced in January, is the largest customer data breach on record.
"There are still so many unknowns with this breach that reliable assessments are truly impossible, but our estimate of more than $1 billion is not unreasonable given the total number of affected credit cards and the long time period over which the breaches occurred," said Lane. "As an example, the ChoicePoint breach cost approximately $100 per record..."
The IPLocks and Ponemon estimates fall in line with figures that Forrester Research released earlier this month. The industry analyst firm calculated that the average security breach can cost a company between $90 and $305 per lost record. Forrester reported that analysts arrived at that number by surveying 28 companies that had some type of data breach.
Lane added that he hopes companies see these kinds of costs and learn a lesson from TJX's troubles.
"We keep seeing these breaches but we don't see the call to arms," he said. "They're not taking care with that data. If you're going to earn a profit on it, you need to protect it."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 25, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."