FCC Fines, Class Action Lawsuits Continue to Cause Post-Breach Pains

While the news may have cooled on last year’s breaches, the financial repercussions continue to be felt by affected companies.

Late last year, a study by NetDiligence, a data breach risk assessment and services company, showed that the average payout for large companies, based on reported insurance claims, was $2.9 million US. In a prior blog post, we talked about the hard bottom line that companies face in terms of profit losses, insurance payouts, and the cost of last-minute but often overdue security updates, as well as the harder-to-measure but equally important hit to public perception.

But as government agencies wake to the wide-ranging issues of data breaches and class action lawsuits start getting filed, payouts will only increase.

Target suffered a massive breach back in 2013 and has since been sued by MasterCard issuers over the damage done. On April 15, a settlement was announced that would see issuers receiving up to $19 million US if 90% or more of the issuers accept the offer. There is also a planned consumer settlement that will see $10 million US put in escrow that will pay up to $10,000 per person for losses they can document.

Meanwhile, AT&T has been fined $25 million US by the Federal Communications Commission. During an FCC investigation that ran from November 2013 through April 2014, it was discovered that employees in Mexico, Colombia and the Philippines were accessing and sharing the customer data (which included names and at least four digits of customers’ Social Security numbers) of up to 280,000 mobile customers. The stolen information then made its way to thieves who used the data to unlock stolen phones and mobile devices. The payout will go towards paying for credit monitoring services, and AT&T has committed to hiring a compliance manager who will not only conduct a privacy risk assessment but also spearhead the implementation of a new information security program.

The need to safeguard data has never been higher as the fallout costs for data breaches continue to climb. Whether the information gets out because a hacker pierces weak defences from the outside or because inside actors working against both client and corporate interests leak personally identifiable information, the information is out there and can be leveraged into fraud in a multitude of settings.

Next week, NuData Security will be on site for the 2015 RSA Conference at the Moscone Center in San Francisco from April 20-24th. Come visit us at booth 4315 in the North Hall!