Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: lyger (lygerattrition.org)
Date: Sat Oct 10 2009 - 18:10:26 CDT
(please reply to Sasha directly or to the dataloss-discuss list)
From: Sasha Romanosky <sromanosandrew.cmu.edu>
Date: Sat, 10 Oct 2009 17:02:16 -0400
Subject: Catalog of different kinds of breach costs?
Does anyone know of a catalog that details costs to companies resulting
a breach (e.g. fines paid to regulatory agencies, fees paid to lawyers,
state AGs, consumer redress, etc, etc)? It doesn't have to be complete,
representative of the different kinds of costs.
E.g: Heartland incurred $12.6M, about half of which went to visa/MC in
fines; TJX paid $525k from lawsuit with banks (in addition to $256M);
was fined $187,500 and $250,000 by health agencies; ... Bla bla paid $x in
total for idtheft monitoring; ...
I'm aware of the ponemon latop and data breach study, the little table at
http://blogs.zdnet.com/BTL/?p=5007 and the great work at dataloss
I'm particularly interested in any costs related to the investigation of a
breach, regardless of disclosure or not.
Dataloss Mailing List (datalossdatalossdb.org)
Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.