• Risk Factor
• Computing
• IT

Best Data Breaches Ever!

eWeek posted an on-line slide show listing the "Most Disastrous Data Breaches" since February 2005. They list 17 of them: 5 caused by outside hacking, 1 by insider theft, 5 by inadvertent posting of information, 5 by devices (laptop, memory stick) being stolen, and 1 caused by data being lost.

One of the seventeen listed was the discount retailer TJX. The company announced last week that the cost of its data breach last year that affected 45.8 million of its customers was likely to exceed $150 million, although given its previous estimates this is probably an underestimate of at least 100% or more. To quote TJX's press release:

In the second quarter of fiscal 2008, the Company recorded an after-tax cash charge of approximately $118 million, or $.25 per share, with respect to the previously announced computer intrusion(s). This charge includes $11 million (after tax), or $.02 per share, for costs incurred during the quarter, as well as a reserve of $107 million (after tax), or $.23 per share, for the Company's exposure to potential losses. This reserve reflects the Companyâ''s estimation of probable losses, in accordance with generally accepted accounting principles, based on the information available to the Company as of August 14, 2007, and includes an estimation of total, potential cash liabilities from pending litigation, proceedings, investigations and other claims, as well as legal and other costs and expenses, arising from the intrusion(s). In addition, TJX expects to incur future non-cash charges of approximately $21 million (after tax), or $.05 per share, that are not included in this reserve and could be recorded in fiscal year 2009. Together, these cash and non-cash charges represent the Companyâ''s best estimate of the total losses the Company expects to incur as a result of the computer intrusion(s).

And people still argue that organizational IT security rules are meant to be broken.