Kirsten Stewart reports:
Utah’s 2012 health data breach — a security slip that exposed the personal information of three-quarters of a million residents to hackers — was a costly mistake.
The state has spent about $9 million on security audits, upgrades and credit monitoring for victims — and that’s just the beginning.
An estimated 122,000 victims will fall prey to identity theft, each spending an average of 20 hours and $770.49 resolving the fraud, predicts Javelin Strategy & Research. The total amount of fraud perpetrated, a cost largely borne by banks and retailers, could approach $406 million.
Read more on Salt Lake Tribune.
No, you really can’t say that because 1 in X become victims of fraud, in general, 1 in X victims of this breach will become victims of ID theft or fraud. I think it really depends on the criminals and whether their intentions were to hack for profit or hack just for the sake of hacking, hacktivism, or bragging rights. It could be zero victims or it could be hundreds of thousands. Do we really need the hype?
IThe $9 million may not be the total costs for the breach, but then again, it may turn out to be close to the total. And $9M is bad enough.