Heartland breach expenses pegged at $140M -- so far
That amount includes $42M to fund future settlements
Computerworld - The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up.
Quarterly financial results released by Heartland last week show that the card payment processor has accrued $139.4 million in breach-related expenses. The figure includes a settlement totaling nearly $60 million with Visa, another of about $3.5 million with American Express and more than $26 million in legal fees.
That total also includes $42.8 million that Heartland has set aside to fund proposed settlements with several other litigants over the breach. One example of what the fund is set up for is Heartland's offer to settle several consumer class action lawsuits against it for $4 million.
So far, Heartland has recovered about $30 million from insurance companies. Even with the updated figures, Heartland so far has spent considerably less than the staggering $250 million that TJX Companies Inc. estimated it would eventually spend to address its massive 2006 data breach.
Even so, given the scope of the Heartland breach, in which an estimated 130 million credit and debit cards were compromised, it is likely that Heartland will end up spending more than TJX over time.
Heartland's disclosure of its breach-related expenses comes at a time when studies show that costs to companies from data breaches is steadily rising. The Ponemon Institute said it found the average cost per security breach incident in the U.S. in 2009 was $6.75 million. On average, companies spent about $204 per breached record, the study found.
Costs to companies from data breaches are significantly impacted by notification laws, the Ponemon study noted. In the U.S., the cost per lost record is 43% higher than the global average because of breach notification laws in 48 states.
Another big cost is the lost business due to lost or eroded customer trust following a data breach, the Ponemon study found. The negative publicity surrounding a data breach makes it costlier for customers to retain existing customers or attract new ones, the study found.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts