BreachExchange mailing list archives

Catalog of different kinds of breach costs?


From: lyger <lyger () attrition org>
Date: Sat, 10 Oct 2009 23:10:26 +0000 (UTC)


(please reply to Sasha directly or to the dataloss-discuss list)

From: Sasha Romanosky <sromanos () andrew cmu edu>
To: dataloss () datalossdb org
Date: Sat, 10 Oct 2009 17:02:16 -0400
Subject: Catalog of different kinds of breach costs?


Does anyone know of a catalog that details costs to companies resulting from
a breach (e.g. fines paid to regulatory agencies, fees paid to lawyers,
state AGs, consumer redress, etc, etc)? It doesn't have to be complete, just
representative of the different kinds of costs.

E.g.: Heartland incurred $12.6M, about half of which went to Visa/MC in
fines; TJX paid $525k from lawsuit with banks (in addition to $256M); Kaiser
was fined $187,500 and $250,000 by health agencies; ... Bla bla paid $x in
total for ID theft monitoring; ...

I'm aware of the Ponemon laptop and data breach study, the little table at
http://blogs.zdnet.com/BTL/?p=5007 and the great work at dataloss regarding
lawsuit fees.

I'm particularly interested in any costs related to the investigation of a
breach, regardless of disclosure or not.

Thanks,
sasha

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
