We’ve seen some impressive figures for the cost of data breaches, but what’s the cost of a FACTA breach? Has anyone seen any analysis of actual costs in resolved or settled cases?
Back in May 2009, Olive Garden settled a class action lawsuit stemming from alleged violations of FACTA. Because receipts included more than the last five digits of the customers’ credit card or debit card numbers, Olive Garden wound up offering affected customers a $9 voucher that could be used for an appetizer at any Olive Garden. How many people actually cashed in on them is unknown to me.
Maybe that started a trend in how to resolve some FACTA lawsuits. Today, The Associated Press reports:
An iconic Pittsburgh sandwich shop chain is offering free sandwiches as part of a lawsuit settlement over a credit card gaffe that exposed a customer to identity theft.
WTAE-TV reported Thursday that Primanti Bros. will give a free sandwich to anyone who can prove they used a credit or debit card to buy items at their South Side location during a 19-month period.
The offer stems from a lawsuit filed by a customer who noticed the expiration date of her credit card appeared on her receipt. That’s a violation of federal consumer protection laws.
Customers can get a free sandwich if they can show they used a card to buy food from the South Side store between July 28, 2008, and Feb. 19, 2010.
The Privacy Rights Clearinghouse has a fact sheet for consumers on FACTA.
But now I’m curious. I know that FACTA breaches can result in fines and the like and that there have been a veritable slew of FACTA lawsuits in the past three years, but what have FACTA breach cases actually cost businesses? Does the $204/per person figure from the Ponemon study apply to these breaches, too? If you know of any analyses, please use the Comments section to leave me a link to the study or analysis.