Wednesday, April 4, 2007

And we have a new champion...

According to this article from cnet there is a new record holder for the unwelcome honor of worst breach of security for consumer data. The not-so-lucky entity who's security was breached was TJX, which operates discount stores such as T.J. Maxx, and Marshalls. The size of the breach: 45.7 million accounts compromised over a two year period, which beats the previous record (held by Cardsystems, a third party processor of payment data) by almost 6 million records.

The question though, is how much this is going to hurt. Previous studies (such as the one described here) have pegged the cost of security breaches at around $180/record, which puts the total estimated damages for TJX at more than 8 billion dollars. Of course, the biggest breach of all is, by definition, outside the normal run of data on which these estimates are based. The previous titleholder, Cardsystems, took a tremendous hit to its business when Visa an American Express revoked its status as an approved transaction processor (details available here) and was eventually forced into an asset sale (details available here). Does that mean that TJX will suffer a similar catastrophic collapse? Not at all. However, it does illustrate that, when it comes to security breaches, there are real risks associated with being number 1.

No comments: