BreachExchange mailing list archives
Catalog of different kinds of breach costs?
From: lyger <lyger () attrition org>
Date: Sat, 10 Oct 2009 23:10:26 +0000 (UTC)
(please reply to Sasha directly or to the dataloss-discuss list) From: Sasha Romanosky <sromanos () andrew cmu edu> To: dataloss () datalossdb org Date: Sat, 10 Oct 2009 17:02:16 -0400 Subject: Catalog of different kinds of breach costs? Does anyone know of a catalog that details costs to companies resulting from a breach (e.g. fines paid to regulatory agencies, fees paid to lawyers, state AGs, consumer redress, etc, etc)? It doesn't have to be complete, just representative of the different kinds of costs. E.g: Heartland incurred $12.6M, about half of which went to visa/MC in fines; TJX paid $525k from lawsuit with banks (in addition to $256M); Kaiser was fined $187,500 and $250,000 by health agencies; ... Bla bla paid $x in total for idtheft monitoring; ... I'm aware of the ponemon latop and data breach study, the little table at http://blogs.zdnet.com/BTL/?p=5007 and the great work at dataloss regarding lawsuit fees. I'm particularly interested in any costs related to the investigation of a breach, regardless of disclosure or not. Thanks, sasha _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Catalog of different kinds of breach costs? lyger (Oct 10)