Security experts believe that the security breach that Target suffered in late 2013 might cost considerably more than the $ 162 million initially estimated by the company in its annual report that same year. Target said that in fact it has accumulated $191 million of gross expenditure in 2014 to manage the consequences of the breach of security, after the $17 million of net expenses in 2013 – after compensation by insurance, and $46 million of future compensation.
But spending could progress even further, because a judge has given the green light to financial institutions to continue their quest for compensation by Target for their own financial losses caused by the attack. That verdict could open Target up to a whole slew of court cases, settlements, and ultimately, expenses.
And the continuation of other proceedings against the company received the legal green light last January: a collective case brought by customers claiming to have been harmed by the breach that made their personal data vulnerable. Up to 70 million Target customers may have been affected by the security breach that was followed by the resignation of the RSSI of the company.
The breach may have allowed the collection of personal data including the name, address, email address, and phone number of customers, as well as the details of 40 million credit and debit cards. Up to three million payment card details are suspected to have been sold on the black market and used fraudulently before the banks managed to cancel the others.
“Taking into account the pending claims, the cost of the incident could exceed one billion dollars,” said Eric Chiu, president and co-founder of HyTrust. For him, “this could serve as a strong example to show that companies need to place data security as a top priority, especially around internal threats which is how most breaches occur today.”
Targeted phishing attacks have recently been identified as the initial step in what has been described as the most daring digital breach to date and which has led financial institutions worldwide to lose $ 1 billion. Steve Hultquist, chief evangelist at RedSeal, for its part considers that significant investment in proactive security analytics and process improvement have produced good results at Target.
“Invest now or pay later. This is the message that we are all taking from the Target incident. Making strategic investments now is a wise preventive measure to keep the organization and its customers safe.”
In its financial results forecasts for the last quarter of 2014, Sony estimated $15 million in costs of investigation and remediation related to the attack on its Sony Pictures subsidiary by the end of the year. But like Target, many feel that the actual costs will be considerably higher, and this number does not take into account any fines, costs of legal proceedings, and damage to the company’s reputation.
For its part, Home Depot, another victim of pirates last year, said they suffered a net expense before tax of $35 million for the attack which it experienced. But the group acknowledges that they are again, for now, unable to estimate certain costs attributable to that attack.