TK Maxx data breach costs could hit £800m

Security experts say costs will dwarf retailer's estimates

The cost of the data breach at TJX, the parent company of UK discount retailer TK Maxx, could be as high as $1.6bn (£800m) - far higher than the retailer's own estimates, a security vendor has claimed.

Earlier this week, TJX admitted that the legal and financial costs from the massive data theft disclosed in January amounted to $20m (£10m) in the first quarter alone.

Details of 45.6m payment cards were stolen from TJX in the world's biggest ever data theft. The stolen information included card details for an unknown number of UK customers taken from the retailer's computer systems in Watford, Hertfordshire.

But the estimate from security vendor Protegrity puts the bill for cleaning up the effects of the breach in the billions, a figure it has backed up with detailed cost calculations.

TJX recently took a $12m (£6m) after-tax charge on its accounts for the first quarter of 2007, a sum widely seen as underplaying the financial consequences of the data theft.

But according to Protegrity, the real costs will be racked up in a blizzard of simple issues that TJX will not be able to avoid, including the biggest of them all, contacting and helping customers. It assumes that each customer record will cost TJX $5 to service, and that 20% of those whose data was breached will request a credit watch. The result is a bill of $1.242bn (£621m).

Smaller costs include legal advice ($12m a year), internal investigations ($8.1m) and public relations ($3.4m). More contentiously, Protegrity calculates that if 10% of the records are compromised by criminals, at an average cost of $50 per record, the charge back to TJX would be $228m (£114m) in direct costs. The probability of an exploit on any one record is said to be about one in three.

Surprisingly, official action against the company in the form of regulatory fines makes up only a trifling $1.5m (£750,000) of the total estimated hit.

The theft of customer data from the TK Maxx stores and other outlets run by TJX is estimated to be the biggest such heist ever recorded. Attackers are believed to have broken into the company’s databases through unprotected wireless access points over a period of some months in 2006.

