Cost of a Breach

The costs of breaches depend on many variables and are rarely publicized. In some cases, due to the staggering costs, public companies must report them to the stock market. In order to provide correct actual costs, the amounts below are taken from official fillings made with the Securities and Exchange Commission (SEC).


In 2007 TJX reported over 94 million credit card records compromised over a period of 18 months through a breach of their transaction processing systems. The snippet below is taken from the 2009 TJX SEC filling. The total cost to of the breach was later decreased to 156 million dollars.
TJX SEC fillings


The TJX breach in 2007 was the largest breach of all times.. until 2008. In 2008, Heartland (the fifth largest credit card payment processor in the United States) estimated that as many as 130 million credit cards have been compromised. According to the SEC filling shown below, the cost of the breach was 146 million dollars.
Heartland SEC fillings

Global Payments

In March of 2012, Global Payments confirmed that its systems have been breached. What initially seemed like a small intrusion, grew in size as the investigation progressed. From 1.5 million accounts to 7 million, and to an undisclosed final number. From a short time exposure, estimates grew 9-10 months. From initial estimates of card numbers and verification codes only, it grew to include cardholder personal information as well.
According to the SEC filling shown below, the current cost of the breach is 84 million dollars. However, more costs are coming as the report states that:
“This incident has had and will continue to have a financial impact on us due to the expense of consultants and other professional advisors engaged to conduct the investigation and remediate any discovered issues, the costs of remediating the breach and returning to the network lists of PCI DSS compliant service providers, assessments, fines or penalties from the card networks and state authorities, and the cost of the credit monitoring and identity protection insurance we provided.”
Global Payments SEC fillings


There are many other examples every year. Usually there are not that many records compromised, but it happens everywhere and it happens often. Companies don’t like to report these data breaches and they are usually only reported when required by law. While many breaches are never reported, many more remain undiscovered.

What's next?

I want to know more about Core Audit!
Great! Here are a few options:
  • Read more about Core Audit features, reports, etc.
  • Try our Online Demo and play with Core Audit right now
  • Ask for a Personal Demo from one of our experts and get all your questions answered
  • Download a Free Trial and experience Core Audit on your systems
I only want more information, not a product
Not a problem, here is a list of relevant pages, and we are always available to answer any question
  • How to prevent a database breach – Read
  • Fraud – Read
  • Hackers – Read
  • Rationalizing Oracle database auditing – Read
  • Oracle security checklist – Read
  • Oracle security – strengths & weaknesses – Read
  • Oracle database security – Read
  • Oracle database compliance – Read