Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, January 21, 2009

Data breach study ties fraud losses to Hannaford, TJX breaches

A recent data breach study commissioned by the state of Maine sheds light on the losses banks experienced as a result of the data breaches at TJX and Hannaford Brother’s supermarkets.  The state’s banks said they incurred $2.1 million in expenses related to data breaches since January 1, 2007.  The Hannaford breach had the largest impact, affecting 71 financial institutions and incurring $1.6 million in expenses according to the Maine Data Breach Study.  Adam Shostack, blogger and author of The New School of Information Security, said the expenses turn out to be about $450 for each breached account, which is inline with the estimated figures on for sales of pilfered account data on the black market.

It studied the impact of data security breaches on Maine banks and credit unions.

More than 700 accounts were used to buy items fraudulently, although five of the 22 institutions that suffered a fraud loss did not report the number of accounts, according to the report.

The Hannaford breach cost some banks as much as $58,000 to reissue credit cards to customers.  Communication to customers cost nearly $28,000, some banks and credit unions reported.  Investigation expenses were as high as $21,000 for some banks.

Shostack said the rising costs associated with data breach could lead banks and merchants to find alternative payment methods.  “What this means for business is that the process of data collection and analysis is starting to produce something better than ‘accepted practice,’” Shostack said.

The Ponemon Institute, which puts out an annual data breach cost report, found that the total average cost of a data breach grew to $197 per compromised record.  Ponemon cautioned that the costs listed in the report are only those associated with financial institutions and don’t reflect the total costs incurred by Hannaford’s, victims, and other organizations.

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1345455,00.html

Posted on 01/21
Statistics • (0) CommentsPermalink