Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/15/2007
10:29 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

MAXXED-Out

There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.

There are important small to mid-size business lessons in the big biz security breach at TJ MAXX. Chief among them: no matter how costly a security breach looks at first, it's going to get worse.The identity theft debacle cost MAXX around $5 million in the last quarter of 2006, and $12 million in the first quarter of this year, leading parent company TJX execs to project a 2-3 cent a share charge for the data theft fiasco.

Ooops.

Figures just in are running ten times that high, with second quarter costs climbing to $118 million.

Total cost could be in the billions.

Admittedly, this is a big company's big problem -- arguably the largest consumer data breach ever -- and carries big bills. But that's just a matter of degree.

Take a look at the various costs of the data breach: investigating and eliminating the vulnerabilities that allowed the breach in the first place, notifying customers whose information was compromised, legal costs to determine exposure and legal costs to deal with the exposures and likely lawsuits. And on and on.

When you're considering your own security issues, give some extra thought to those aspects of your business that, if compromised, could most dramatically expose you to this sort of nightmare. Customer and employee personal and information should be at the head of the list, with vendor and partner proprietary data not far behind. Put rules and systems in place to protect that information at all costs -- because "at all costs" will cost less than not doing so.

Odds are you don't have hundreds of millions of consumer credit card records in your system. But the odds are equally good that it would take a lot less than a hundred million dollar security nightmare to bring your company down.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...