TJX, Hannaford Cost Maine Institutions $2 Million-Plus

New Data Breach Study Examines Costly Aftermath of Hacks The combined cost of the TJX and Hannaford data breaches on 75 Maine financial institutions totaled more than $2 million, showing the substantial financial impact of a data breach.

This cost was discovered in a recent study by the Maine Bureau of Financial Institutions and makes the case for more stringent data protection.

The first-of-its kind report examined the impact of data security breaches on Maine banks and credit unions. The Maine Data Breach Study identifies the various consumer protection steps taken by financial institutions in the aftermath of a breach and shows the subsequent costs to the institutions in dealing with breaches.

This study reveals the impact a large-scale data breach has on Maine banks, credit unions and their customers. The cost to institutions in terms of costs and the drain on employee resources can be substantial.

The Toll

Since January 1, 2007, there were two major data breaches that affected Maine financial institutions: the TJX data breach, reported in January 2007, and the Hannaford Bros. grocery store chain data breach, reported in March 2008.

In the study, 75 institutions participated -- 50 credit unions and 25 banks. Of the 75 institutions, 71 reported being affected by at least one data breach since January 1, 2007 and incurred combined expenses totaling approximately $2.1 million. The Hannaford breach had the largest impact and affected the most institutions --71, and had the highest number of affected account holders, 243,599, as well as the largest cost, $1.6 million.

For the TJX breach, 49 of the 52 affected institutions reported they reissued cards, with costs ranging from a low of $60 to a high of $32,146. For the Hannaford breach, 70 of the 71 affected institutions reported they reissued cards, at a cost ranging from a low of $250 to a high of $58,278.

The study shows that many financial institutions decided to re-issue all customer cards. In a few cases, institutions gave customers the option of having their cards replaced. The majority of financial institutions reported no unauthorized or fraudulent transfers. Of the 71 affected financial institutions, 25 reported unauthorized or fraudulent transfers. In one case, the unauthorized activity involved only one account and, at most institutions, fewer than 25 accounts.

At one institution, the accounts that may have been subject to fraudulent transfers due to the breach was 265, and the amount subject to unauthorized or fraudulent transactions was $75,000.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.