UK data breach could cost banks $500M, says Gartner
- 27 November, 2007 12:17
Banks in the UK could end up spending upwards of US$500 million to deal with the aftermath of the recent loss of computer disks containing bank account and other personal data belonging to about 25 million people, according to analyst firm Gartner.
The amount is the total that banks might have to spend to close and reopen millions of bank accounts and reissue debit cards to affected customers, Gartner analyst Avivah Litan said in an alert released last week.
The figure is based on a conservative estimate of US$20 per account, which is how much it would cost a US bank to close down and reopen a bank account following a data breach, Litan said.
The UK's HM Revenue & Customs tax agency last week disclosed that it had lost computer disks containing large amounts of confidential information, including names, addresses, dates of birth and bank account information belonging to nearly a quarter of the country's population.
The huge media attention the breach has received makes it much more likely than normal that the stolen data could actually get misused, Litan said. As a result, UK banks are also much more likely to take emergency measures to mitigate that risk.
Heightening the concern is the fact that fraud resulting from compromised bank account information is often harder to detect than payment card fraud, Litan said. Typically, bank account compromises can result in account hijacking or so-called automated clearinghouse fraud, where a data thief uses compromised bank account and routing numbers to initiate payments from a customer's account to his own, she said.
Detecting such transactions can be hard, especially given the scale of the recently disclosed breach, Litan said. At the best of times, "probably the system with the weakest protections against fraud is the account transfer system" between banks, she added.