An Ounce of Prevention

Just last week we posted about an internal NSA document from 1991 which predicted the massive 2013 data breach by Edward Snowden.  The document stated that:  “A relatively small number of system administrators are able to read, copy, move, alter, and destroy almost every piece of classified information handled by a given agency or organization.”

This weekend brought yet another example of how accurate this statement is. Credit-card data for over 20 million customers in South Korea has apparently been leaked by a consultant working for the Korea Credit Bureau (full story here: http://www.scmp.com/news/asia/article/1409314/20-million-south-korean-bank-card-users-fall-victim-personal-data-leak).

The consultant has been arrested and charged with obtaining the data while working for the Korea Credit Bureau and selling it to phone marketing companies. The data includes customers’ names, social security numbers, phone numbers, credit card numbers and expiration dates. The breach is believed to affect nearly half of the country’s population.

The country’s Financial Supervisory Service said that “credit card firms will cover any financial losses caused to their customers due to the latest accident.” But even before any fine is levied for the loss of the records, the costs of this breach could be astronomical. A 2013 Ponemon survey put the average international cost of a data breach at $136 per compromised record, in a range from $42 per record in India to $191 in Germany. These costs include expenses such as engaging forensic experts, conducting in-house investigations, and providing free credit monitoring subscriptions and discounts for future products and services.

Even if the costs in South Korea are at the low end of that range, that puts the overall bill at a billion dollars.  As Benjamin Franklin famously said, an ounce of prevention is worth a pound of cure.