Security Insights


by Gene Schultz, PhD, CISM, CISSP


Ninth Prediction for 2008

TJX’s Security Breaches Will Force it to Go out of Business or to Merge with Another Company

This blog entry is the ninth related to my ten predictions concerning events and trends that I have gone on record as saying will happen in 2008. This prediction is:

9. The financial and legal repercussions of TJX’s data security breaches will snowball to the point that this company will be forced to sell itself or to merge with another company just to survive.

TJX experienced the all-time largest data security breach involving payment card information. Somewhere between 46 million (according to TJX) and 94 million (according to credit card-issuing banks) customer credit cards were compromised as the result of a remote computer break-in at TJX that, unbelievably, no one discovered for over 18 months. The incident has led to numerous cases of identity fraud as well as lawsuits by credit card issuers and individuals.

TJX is a huge corporation with massive financial assets, making it difficult to imagine how such a giant could go out of business or be forced to merge with another corporation to stay in business.

Could losses of a magnitude that could force TJX out of business occur? Forrester Research gave the first inkling of this possibility by predicting that TJX’s incident could ultimately cost this corporation $1 billion, a number that initially proved to be the basis of considerable debate. Forrester’s prediction is, however, becoming less controversial as TJX’s incident-related costs have soared.

TJX itself has reported that it has by now spent or put aside approximately $250 million in connection with the incident. This estimate (like all the rest of TJX’s estimates in connection with its data security breaches so far) is almost certainly an underestimate. And there is much more in store for TJX, both in terms of still unsettled lawsuits and penalties to be assessed for TJX’s having been found to be in violation of PCI-DSS standards.

Furthermore, the negative impact upon TJX’s public image is difficult to assess, but it is not difficult to imagine that it has been large.

Finally, it is important to remember that there is a precedent for a large company having to sell itself out as the result of massive data security breaches. Card Systems Solutions was forced to sell out to Pay by Touch in the aftermath of its then record number of data security breaches several years ago.

I truly hope that TJX will not go out of business; it is a real shame that the possibility of going out of business even exists.

The big lesson learned out of this whole mess is that senior management must genuinely wake up to the need for effective security risk management. Once security breaches of the magnitude of the ones experienced by TJX actually occur, senior management gets a dramatic wake-up call, so to speak, but by then it is often too late.

One Response to “Ninth Prediction for 2008”

  1. Brian Honan Says:

    Gene

    It looks like CIO and Wall Street differ in your assessment and see the above more as a glitch in the company’s trading and that the billion dollar loss amounts to no more than the equivalent of a “parking ticket”

    How TJX Avoided Wall Street’s Wrath
    http://www.cio.com/article/179603

    Brian
