Report Estimates Data Breach Will Cost $406 Million

May 6, 2013

A new report shows that last year’s data breach of Utah health records was a costly mistake with far-reaching consequences. An independent analysis by Javelin Strategy & Research predicts that the total amount of fraud perpetrated could approach $406 million in costs. 

Among the 280,000 victims whose social security numbers were exposed in a data breach of a Utah Health Department server, Javelin Strategy & Research predicts that 122,000 of them will be victims of identity fraud. Senior Analyst for Security Risk and Fraud Al Pascual estimates that each victim will spend more than 770 dollars trying to resolve the fraud, and about 20 hours of time that they could have spent at work or taking care of children. 

“Consumers are going to spend about 2.5 million hours resolving these fraud cases, so there’s a serious financial impact to this particular data breach,” Pascual says. 

Beyond that, Pascual says, there are additional costs absorbed by the banks and the retailers who become involved in the fraud. The state itself has already spent about $9 million on security audits, upgrades and credit monitoring for victims. The Utah Department of Health announced last month that they are extending the free monitoring for another year. 

“These breaches have repercussions far beyond the organization that was breached, so it’s everyone’s responsibility to start doing something about it, because otherwise we’re all going to share the pain as well,” Pascual says.

So far, 10 breach victims have reported instances of fraud.  Pascual expects there is more to come.