Top 5 most expensive data breaches

I’ve had this post ready for some time but have had other things to write about. This information is interesting – what some of the recent hacks have started to cost businesses and individuals. For now, anyone who has not been a victim of stolen information, count your self lucky!

Data theft is off to a troubling start this year, with two massive breaches occurring in March and April. Hackers’ success in grabbing millions of records at Epsilon and Sony are just the latest example of increasingly sophisticated attempts to steal sensitive personal information. I thought it might be interesting to review the top 5 most expensive data breaches courtesy of the Cybercrimes web site. Here’s a list of the five most expensive data theft cases in the United States:

5. US Veterans Affairs – $25-$30 million
The names, birth dates, and Social Security numbers of 17.5 million military veterans and personnel were stolen in 2006 from a laptop that a Department of Veterans Affairs employee had taken home. The costs to the VA included money for running call centers, sending out mailings, and paying for a year of a credit-monitoring service for victims. The Ponemon Institute, a research organization in Traverse City, Mich., estimates the breach cost at least $25 million.

4. Heartland Payment Systems – $140 million
Heartland Payment Systems, a payment processor based in Princeton, N.J., was the victim of a major cyber attack in 2008. Criminals installed spying software on the company’s computer network and stole the numbers of as many as 100 million credit and debit cards. Albert Gonzales, a hacker from Miami, was accused of playing a critical role in the Heartland hack, as well as other massive data breaches of companies including retailer TJX, 7-Eleven, Inc., and the grocery chain Hannaford Bros. Co. Inc. In 2010, Gonzales was sentenced to 20 years in federal prison. The company paid about $140 million in fines and settlements but recovered tens of millions through insurance, Business Insurance reports.

3. TJX – $256 million or more
The Framingham, Mass., retailer that owns national chains including TJ Maxx and Marshalls, estimated that a 2007 data breach would cost the company about $25 million. But in the end, the total cost was at least 10 times as high.

Cyber criminals took more than 45 million credit and debit card numbers, some of which were used later to buy millions of dollars in electronics from Wal-Mart and elsewhere. Mr. Gonzales, who played a major role in the Heartland hack, was linked to this cyber attack as well.

2. Epsilon – to be determined
In March 2011, hackers stole millions of names and e-mail addresses from the Dallas-based marketing firm. Epsilon handles e-mail lists for major retailers and banks like Best Buy, JP Morgan, TiVo, Walgreen, and Kroger. A study by CyberFactors, a cyber risk analytics company, estimates that the breach could cost between $225 million and $4 billion, depending on what happens with the stolen data. However others offer a lower estimate: at least $100 million, with most of the lost costs going toward losing customers due to a damaged reputation. Because the stolen data was e-mail information, the costs won’t be as high as if financial information had been stolen

1. Sony – to be determined
The Sony data breach, which exposed information from more than 100 million user accounts in April, could prove to be the mostly costly data breach of all time. Hackers obtained personal information, including credit, debit, and bank account numbers in some instances, of PlayStation Network users and Sony Online Entertainment users. After discovering there had been a breach, Sony shut down both networks temporarily. Current estimates state the breach could cost Sony and credit card issuers up to a total of $2 billion.


About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: