TD Ameritrade's case shows us that a relatively "low-profile" data breach can still cost millions
When your job involves securing company information with data protection tools like laptop encryption software from AlertBoot, a question that often pops up is, "How much damage can it prevent?"
In other words, what is the cost of a computer security breach? People are interested, in part, because they want to find out how much bang they're getting for their buck. For example, if, for $1 from you, I insure you for $1 million, you'd be crazy not to jump at that chance.
The problem with the question, though, is that nobody really knows how much damage can be incurred from a data breach. For example, take something as inconsequential as e-mail addresses.
If you'll recall, TD Ameritrade found it was hacked a couple of years ago, and a bunch of (OK, millions of) customer e-mail addresses were compromised. That was it. No SSNs, no account numbers, no data of truly sensitive value was stolen.
I mean, e-mail addresses. C'mon. I've forgotten about more e-mail accounts than I care to admit to, and I already get hundreds of spam-mail messages each day on the ones I still use. If my e-mail address is lost by a company I do business with, my reaction would be "meh. So what?"
Now, this is not to say that one can't commit crime with just e-mail addresses. In a numbers game, it pays off to phish active accounts vs. dormant ones, or to send e-mail to people who've got money (if you've got a brokerage account, one assumes you're somewhat OK in the finance department).
But, if you're using e-mail, you know what the risks are and have to be on the lookout.
However, not everyone feels the same way, apparently. TD Ameritrade has announced that they're going to settle for almost $2 million in legal fees. Plus, they'll be covering the cost of one year of anti-spam services.
Not all 6 million of the affected will sign up for it, certainly, but assuming that 10% of them do, and TD Ameritrade was able to negotiate the price of the services to $10 a person, it still means an expense of $6 million.
$8 million total because of stolen e-mail addresses.
Related Articles and Sites: http://www.chicagotribune.com/business/sns-ap-us-broker-data-theft,0,6059556.story