70 million compromised customer records. 40 million compromised credit and debit cards. So far, $71 million in lost revenue. But Target can still expect to pay a lot more than that.
At an average cost of $188 per compromised record (Ponemon Institute), we can estimate this breach to reach costs of $7.5 to $13.2 billion. That’s a hefty price tag for an avoidable human mistake.
And that doesn’t include the costs (to date) of the 80+ class action suits, 4 civil suits, and 1 derivative suit brought by a shareholder. And although their stock has been doing pretty good, that could have something to do with fancy PR footwork…
We also have to consider the business disruption costs associated with the investigations being completed by the Department of Justice and the Secret Service. And then there is the FTC (Federal Trade Commission) investigation which alone could result in fines upwards of $1.1BN according to an estimate by Jefferies, an equity research company.
But the cost that is perhaps hardest to quantify is the loss of business goodwill. Target may not realize the true cost of this breach to its reputation for a long time to come. And that could be considered the most disconcerting aspect of a data breach: the immediate repercussions, are only the beginning.
But is Target the only one paying the price? Obviously not. For one, financial institutions have already flipped a bill for over $200 million in related costs.
We can’t ignore that the 70 million Target shoppers are ultimately the victims of this breach. From the inconvenience of cancelled cards, new bank imposed restrictions on spending limits and types of transactions, to the increase in uneasiness about using credit and debit cards at even the largest retailers, the effects are very real.
And then of course there are the very concerning probabilities of financial fraud and identity theft. Some are already feeling this pain, others may not feel it for months or even years to come.
But does it end there? Hardly. The impact of a breach like this truly affects everyone. How? As quoted by NYTimes.com:
“This [breach] will impact many Target business partners — Visa, MasterCard and the host of banks and credit agencies that now have to keep an eye on the 110 million customers now vulnerable to identity theft,” said Hemu Nigam, founder of SSP Blue, a security and privacy consulting firm. “It affects more than Target customers. It affects mortgage lenders and car sales. It affects the entire economic infrastructure.”
In a nutshell, a data breach doesn’t cost just the value of data stolen. And it doesn’t affect just the company that was hit. It affects their business partners and their customers too.
And what affects the consumer has a domino affect on the economy. For example, identity theft and fraud lead to degraded credit scores. Which leads to people’s inability to obtain financing. Which means they can’t buy that new car or get a mortgage. Which inevitably affects car sales and real estate transactions.
But we think our slick infographic sums it up pretty well too.