Stolen papers cause data breach
You built your company with singular vision, always investing in the latest equipment and technology to keep you out front. Years of work and now you have 400 employees and robust systems throughout the manufacturing business.
Then the FBI called. Hundreds of fraudulent tax returns had been filed to the IRS by “employees” claiming to work for you. You can’t believe it — your systems are secure and well-protected. But now it’s your name, your company and your people at risk.
You hired an investigator to determine how this information got out. Turns out a criminal stole a box of paper W-2 forms as they were being moved to storage. One box with 298 pieces of paper contained everything the thieves needed. You paid for credit monitoring for your employees but someone tipped off the local media and the story was out. Now you had to protect your business and reputation so you hired a public relations firm to help contain the crisis.
Investigators, credit protection, lawyers, crisis consultants - all because of an old box of papers.
According to the NetDiligence® Data Breach Cost Calculator* the estimated costs of the 298 lost records for the manufacturer could be:
An average event of this type impacts 28,000 records driving the average cost to a business to $1,700,000.**
Risk Management Tips:
- An information retention policy should be established and include guidance on what types of information should be retained, how long it should be retained and procedures for destruction of unneeded data.
- New hire training and regularly scheduled refresher training courses should be established in order to instill the data security culture of your organization.
- Create, implement and test an incident response plan.
Aftermath of a retail credit card hack
You deal with a lot of issues as head of a $30 million local retail chain. This time the credit card company called to inform you that it had identified 50,000 credit cards that were used legitimately at your business and later compromised. That’s 50,000 of your customers.
Hackers were suspected of having penetrated the point of sale system. The Payment Card Industry Agreement required you to hire a certified forensic investigator to examine the systems and related infrastructure. And costs piled up as you notified the 50,000 customers and paid for credit monitoring on their accounts. Beyond that, the news hurt your business and your reputation. Customers were angry and some got together and filed a class-action lawsuit. Legal fees just continued to mount.
According to the NetDiligence® Data Breach Cost Calculator* the estimated costs for this event for the retailer could be:
An average event of this type could drive the average costs up to $5,900,000** for a business.
Risk Management Tips:
- Maintain and frequently review compliance obligations under the Payment Card Industry (PCI) Agreement.
- Consider implementing end-to-end encryption of credit card transactions.
- Employ a chief information security officer (CISO) to develop and implement your business-wide data privacy procedures.
*The NetDiligence® Data Breach Cost Calculator and other tools are available to insureds on the Travelers’ eRisk Hub®.
**Ponemon 2015 Cost of Data Breach Study, NetDiligence Cyber Claims Study 2014
eRisk Hub is a registered trademark of NetDiligence.
Coverage for all claims and losses depends on actual policy provisions. Availability of coverage depends on underwriting qualifications and state regulations.
Denial-of-Service attack disguises data hack on bank
You wanted to show a new client the bank’s online banking features but nothing was happening. At first you thought it may be internet connection issues. It wasn’t.
It seems computer hackers launched a distributed denial-of-service (DDoS) attack against the bank’s website as a smoke screen to hack into the network and get names, user access codes and passwords to financial accounts. And this attack shut down the online banking system for three days.
The bank’s backup systems couldn’t handle the volume. Customers got frustrated and every hour the bank lost business. Notifying customers and investigating the nature and extent of the attack was just the beginning. A community bank like yours thrives on trust and trust was wearing thin.
According to the NetDiligence® Data Breach Cost Calculator* the estimated costs for this event for the Community Bank could be:
This does not include the loss of business income the bank suffered during the attack. And an average event of this type could drive the average costs up to $2,800,000** for a business.
Risk Management Tips:
- Create, implement and test a business continuity plan and disaster recovery plan.
- Implement an intrusion detection system on your network.
- Have a secondary system available for online access and ensure this system is regularly tested for functionality.
One lost laptop can equal one data breach
You’re exhausted after a full day of patients and procedures and you still face a mountain of paperwork. But it’s Friday night, so you decide you’ll take your laptop home, update the records over the weekend and start fresh on Monday. The laptop contains an unencrypted database of 550 current patient records with protected health information, including names, Social Security numbers and insurance information. Everything you need to catch up.
After a train ride you are finally home. That’s when you notice you left your computer on the train. You didn’t know it yet, but for the hospital the story was just beginning. The data on the laptop was completely unsecured … no password protection or remote take down capabilities.
Under HIPAA/HITECH guidelines, the hospital had to report the breach and notify all the affected individuals; in addition, the hospital put credit monitoring in place for each of them. Later, after a federal investigation, the hospital was fined as a result of the HIPAA violations.
According to the NetDiligence® Data Breach Cost Calculator* the estimated costs of the 550 lost records for the Not for Profit Hospital could be:
An average event of this type impacts 28,000 records driving the average cost to a business to $3,100,000**.
Risk Management Tips:
- Implement procedures for using effective passwords and mandate periodic changes.
- If protected health information (PHI) is stored on laptops, you should consider implementing security measures including encrypting the information and having remote disabling capabilities.
- Consider storing PHI on a central server and accessing it via a secure connection.