17 May 2007
TJX, the owner of TK Maxx, claimed in an earnings report today that the recent security blunder which exposed the credit card details of 45 million customers has cost the company $12m.
The earnings report also refers to a similar charge expected in the next quarter.
"On 17 January TJX announced that it had suffered an unauthorised intrusion(s) into portions of its computer systems that process and store information related to customer transactions," the statement said.
"In the first quarter of fiscal 2008, the company recorded an after-tax charge of approximately $12m, or $.03 per share, for costs incurred during the first quarter, which includes costs incurred to investigate and contain the intrusion, enhance computer security and systems, and communicate with customers, as well as technical, legal and other fees.
"In the second quarter, the company expects to continue to incur these types of costs related to the intrusion(s), which the company estimates will total $.02 - $.03 per share."
However, Paul Davie, founder of database security company Secerno, pointed out that the security blunder will cost much more than these estimates.
"The $12m charge does not begin to scratch the surface of the true cost of this breach. The issue of protecting confidential customer data is a time bomb that has been waiting to explode," he said.
"Given the lax attitude of some businesses in addressing data security, and the increase in targeted attacks on data by sophisticated criminals, it was only a question of time before a major breach of this type thrust the issue into the public eye."
Davie added that figures from the Ponemon Institute suggest that the total direct and indirect costs of replacing a credit or debit card run at $186 per card. Multiplied by 45 million, this would take the damage to an "eye-watering" $8.3bn.
However, TJX does go on to concede in a statement: "Beyond these costs, TJX does not yet have enough information to reasonably estimate the losses it may incur arising from this intrusion, including exposure to payment card companies and banks, exposure in various legal proceedings that are pending or may arise, and related fees and expenses, and other potential liabilities and other costs and expenses.
"The company will record known losses when they become both probable and reasonably estimable."
Breach Costs Clarified
Mr. Davie's calculation of a total $8.3B cost estimate for TJX, based on the $186 per record cost found by Ponemon Institute's "2006 Cost of a Data Breach Study," is founded in a misunderstanding of that study. Many costs incurred due to a data breach are fixed, thus the costs do not scale, especially for a breach of the magnitude of TJX's. Dr. Ponemon has discussed this matter often in the wake of the TJX breach, and is on the record as predicting a total cost to TJX in the "hundreds of millions."
Posted by: Mike Spinney, Ponemon Institute 17 May 2007