Home Depot hacker hosing cost a wallet-draining $43m (so far)

Hacked hardware mart Home Depot has forked out $43m to quash spot fires emanating from the data breach inferno this year, SEC filing documents show. The payout covered damages from the theft of 56 million payment cards and 53 million email addresses. It covered the cost of investigating this year's five-month-long breach, …

  1. Anonymous Coward

    $43m is peanuts

    But I wonder what the hard cash value is of the reputational damage, from customers choosing not to buy because their details were compromised by Home Depot?

    With 53m customers affected, that must be close to all customers of the company. Home Depot have sales of close on $80bn a year, if only half of one percent of customers go elsewhere then that's $400m of revenue lost, and with Home Depot gross margin of around 33% that translates to lost margin of $132m in year one, whilst operating costs remain essentially static. Even if those half of one percent bleed back to Home Depot over three years then the margin losses are going to total around $220m. Obviously if you get to larger but still feasible numbers, say 3% deciding not to shop, then on the same basis Home Depot's losses are $1.3bn over three years.

    Moral of the story to big company CIOs (and today's El Reg Statement of the Bl**ding Obvious): The value at risk in a data breach is many multiples of the short term direct costs of fines and compensation. You did factor that into your discussion with the board about investing in IT security, didn't you? On the plus side, if Home Depot's anything to go by, you won't get fired, and next year's bonus will probably be as generous and undeserved as last year's.

    1. Mark 85

      Re: $43m is peanuts

      What you say is possible, but customers seem to have short memories. Visit a Target store. They're back pitching their "Red Card" and folks are using it left and right. Personally, I think those customers are nuts as there's no guarantee that Target has fixed anything other than some PR and is another data breach waiting to happen.

  2. Mystic Megabyte
    Unhappy

    Double bad luck

    "Home Depot has forked out $43m to quash spot fires "

    They got hacked and caught fire?

    1. Trevor_Pott Gold badge
  3. Anonymous Coward

    Home Depot?

    or Home Repo?

    How does the cost of repairing the damage compare with doing it right in the first place?

    1. Trevor_Pott Gold badge

      Re: Home Depot?

      That's not how it's analysed by CxOs. They ask "how likely is it to happen to us?" Then they balance cost versus perceived risk.

      So let's say that this whole fiasco would have cost $35M to avoid in the first place by doing security right. Currently costs are at $43M, with that likely to reach $250M by the time it's all done.

      So, that same $35M, invested into something else - let's say Apple stock - over the 10 years it would have taken to spend that all and evolve their systems into something properly secure (these sorts of security issues are cumulative and the result of organic growth and lack of joined up planning.) Is the rate of return equal to or higher than $250M? And what is the likelihood you'll be hacked, even with bad security?

      Understand that Home Depot may well still be financially ahead after this hack, despite the high headline numbers. That's what's the most horrible about all of this.

  4. Anonymous Coward

    A hard lesson

    Cutting corners without properly understanding the consequences is getting very, very pricey. I'd imagine the real cost won't be the 45 million, but the reputational damage that is harder to quantify and will drip on for years - people are getting much harder nosed about companies that play fast and loose with their data.

  5. Anonymous Coward

    It doesn't matter...

    ...how you spin it, hackers are costing consumers billions of dollars per year as these hacking costs are rolled into higher prices for all goods and services.

  6. Anonymous Coward

    The only good hacker...

    ...is a dead hacker.

    1. Trevor_Pott Gold badge

      Re: The only good hacker...

      And fuck you too. Half the commenters on this site qualify as hackers. Myself included. And no matter the colour of their hats, nobody deserves to be killed for cracking a system, mate. You're also failing to distinguish between ethical hackers, hacktivists, white hats, black hats, grey hats, mercenaries and so forth.

      Kill off all the hackers and you'd wipe out 95% of the top talent in our industry. Fancy going back to running society on TI-83s?

  7. Anonymous Coward

    Ugh...

    You can't blame the hackers. It's an opportunistic crime. If the opportunity didn't exist neither would the crime.

    Sort out the security.
