The [Maine] Bureau of Financial Institutions has issued a report on the costs of data security breaches to Maine banks and credit unions.
The study found that of the 75 financial institutions that responded, 71 were affected by a data breach since Jan. 1, 2007, incurring combined expenses totaling more than $2 million, according to a state press release.
Together, the breaches resulted in unauthorized or fraudulent transfers at 25 institutions, including 265 accounts and $75,000 at one institution.
(“ State: Data breaches tally $2M,” Mainebiz)
So let’s see..71 of 75 institutions in Maine were affected, although 53 of those were the Hannaford incident. (pdf page 19, printed page 13) One in three breaches resulted in fraudulent transfers. The Maine Data Breach Study can be found here. The report includes a clear summary of the state of the law in Maine, and comparisons with elsewhere. There’s really interesting data analysis, along with a copy of the survey used. I’m going to have to study this more.
It also includes (pdf 24, printed 18) an interesting cost summary, with 243,000 accounts impacted by Hannaford having an estimated cost of $1.6MM, or about $6.50 per customer. The highest cost per person/card/account is the TJX incident at roughly $9 per card. Which is a stark contrast to the generally used $187 number from Ponnemon surveys.
Does anyone have a count of how many states are embracing the New School model of breach reporting and analysis?