As we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.
With more than 360,000 employees, Target’s annual IT security budget is probably in the hundreds of millions of dollars. Yet in spite of that investment, and despite having the very best security money can buy and thousands of dedicated security professionals working around the clock, the company still managed to fall victim to one of the most devastating attacks in history.
And apart from the hit the company will take on its reputation and brand, security experts expect that the cost of just responding to the data breach could be huge. According to the Ponemon Institute, the average cost of a data breach now works out to around $188 for every record exposed. That includes the costs of investigations, incident response, free credit monitoring for customers if needed, and the loss of customers.
At more than 40 million records exposed, Target’s final bill could easily reach into the billions of dollars. And that won’t include the cost of lawsuits, fines and other penalties. Within a week of the announcement of the breach, at least three class-action lawsuits had already been announced. Also within a week of announcing the breach, Target revealed that customer traffic had fallen almost 4% compared to this time last year, in spite of this being the busiest shopping time of the year.
It’s also worth remembering that while many breached companies claim that there’s no evidence the stolen data has been used to steal the identities of victims, research suggests otherwise. A company called Javelin Strategy and Research claims that one out of every four consumers who receive a notice that they’ve been a victim of a data breach will become a victim of identity theft.
And within 24 hours of the announcement of the Target breach, security experts like myself were already seeing hackers selling stolen Target credit cards for up to $100 per card.
In fact, experts are saying that there is now so much stolen information available on these underground card forums – hundreds of millions of records – that the prices are being driven down. For example:
As we continue to watch the fallout from the Target breach, we’ll also be looking for more insights and lessons to share. And maybe that’s the only good news – that every major breach provides free lessons for smaller firms who want to avoid becoming even a tiny version of such a major security incident.