The US Department of Veterans Affairs has decided to settle a class-action suit that was filed in response to the theft of a laptop and external hard disk from a VA employee. The computer did not feature laptop encryption software, nor was there any type of file encryption program protecting the contents.
The settlement of $20 million will be used as reparation for vets who can prove that they were harmed by the data loss. For example, maybe they suffered from emotional distress or signed up for credit monitoring, meaning there was a cost borne by the victims.
The total number of veterans' records was 26.5 million. To date, no veteran has come forward to say that they were negatively impacted by the loss and recovery of the laptop.
(But then, with so many companies losing information left and right, how's one to know who's responsible for a particular name showing up on fraudulent mortgage applications?)
The suit, filed in 2006, had initially asked for $1,000 for each veteran that was put at risk. Obviously, that was never going to fly. With 26.5 million names, it would have meant 26.5 billion dollars. That's nearly half of Microsoft's revenues in 2007. That was a pretty extreme request.
On the other hand, this settlement is also extreme. It resolves to about $0.75 per name. It's so little, considering how much time one must spend on the phone sorting out everything. On the other other hand, $20 million is nothing to sneeze at. That's a serious hit to any organization's pocket. Besides, what's the point of squeezing more money out of the VA? It's ultimately taxpayer money, ain't it?
Chances are, there's an (un)happy medium somewhere out there, and most companies won't see such artificially depressed monetary settlements like the VA's. For example, if a Fortune 100 company is sued, and the number of people affected was 10,000, chances are no one's going to settle for $7,500. That's $7,500 total.
Instead of using the above, it looks like the cost of data breaches should still rely on previously reported data.
Related Sites:
http://www.nytimes.com/2009/01/28/washington/28vets.html
http://www.scmagazineus.com/US-Veteran-Affairs-Department-settles-data-breach-case/article/126518/
http://blogs.usatoday.com/ondeadline/2009/01/va-to-pay-vets.html
http://fcw.com/articles/2009/01/28/va-settlement.aspx
It's official. The judge overseeing the VA lawsuit has approved the settlement of $20 million. If