Cost of PCI security breach could run to billions for retailer

The total cost of a 2006 security breach at American retailer TJX continues to mount this month, as a class action suit brought by affected banks seeks $25 in compensation for each cardholder record jeopardised. That is a significant sum considering the TJX breach is estimated to have exposed more than 46 million records.

The true cost of this PCI security breach for TJX becomes clear when you understand that the claim above is being made by just one association of New England bankers. TJX can probably expect similar campaigns from national banks and associations, and could be facing a billion-dollar settlement even before considering costs such as lost reputation and bringing IT security measures into line with the PCI Data Security Standard.

All in all, independent agency Forrester Research estimates that a cost of between $95 and $305 per lost record is incurred during a breach of this type, leaving TJX with a potential bill of US$4 billion or more. Even more conservative estimates are putting the cost of the breach at around a billion.

Even for a company of TJX’s size (it owns the TJ Maxx and HomeGoods brands, amongst many others), the cost of a Payment Card Industry Data Security breach can obviously be crippling. The irony is that, even for a large company such as TJX, the cost of securing against this breach would have been tiny in comparison to the eventual cost.

We think the TJX case clearly outlines the need for the Payment Card Industry Data Security Standard, compliance with which would almost certainly have prevented the TJX breach, at a cost millions of times less than that ultimately paid.

If your organisation handles credit card holder data, you need to comply with the PCI Data Security Standard. Contact us today to arrange a no-obligation consultation.

 
Copyright Evolution Systems Limited and trademark holders.