The True Cost of a Data Security Breach: The Heartland Case Study

While not enough information has been released to know the full measure of the Heartland data breach, bits and pieces have come and and we can begin to understand the impact to a company that has a serious data security breach. Kevin Prince of Perimeter eSecurity touched on this subject in a series of data breach studies he has done over the past couple of years. In his examples, sometimes there seemed to be a clear relationship between a companies stock price and the announcement or public awareness of a data security breach. Other times the correlation could not be made.

Look for yourself in the case of Heartland in the attached graph of the Heartland stock ticker over the past year.

Not only did Heartland have approximately a 40% stock drop the day this was announced, the stock continued to drop for some time. Heartland recently announced their Q2 2009 financials which includes the cost and write-offs associated with the data security breach. [Article]

They specifically noted that $.32/share was the write-off amount associated with resolving issues with their data security breach. They said this was associated with the $19.4 million dollars it cost them to settle these issues. This resulted in a quarterly loss of 2.6 million ($.07/share) for Q2.

This also does not include the money they are putting into deploying end-to-end encryption which is their answer.

It should be noted that both Visa and Mastercard have said that Heartland was not PCI compliant at the time the breach occured.