This just in… your identity is worth around $3. That’s according to the latest in the TJX saga. TJX, the owner of TJ Maxx and Marshalls (among other stores), has had what many believe to be the largest (reported) consumer data theft in history. The theft of at least 46 million (with an M) identities. Over twice that number are suing. The true number of stolen identities may never be known because by TJX’s own admission, their data retention practices would have erased some of the exposed identities, before they themselves detected the intrusion.

To recap, TJX was hacked in mid-2005 (more background here) and discovered late in 2006. Hackers had almost a year and a half of unfettered, undetected access to full consumer financial and personal data during this time, using the information to purchase gift-cards at places like Wal-Mart. That included full credit card numbers, expiration dates, drivers’ licenses, military & state ID cards, names and addresses. That’s the minimum data that TJX admits to in their theft FAQ. How do I figure you’re worth $3?

TJX started a reserve of, by my calculations, $314 million to cover the costs related to the data theft issue. More than likely a smart strategy to take the write-down early-on and all at once — versus surprising investors each quarter. Before the agreement with MasterCard, TJX had spent $197 million on data breach-related charges. This likely includes defensive counsel, PR firms, call centers (for notifying the owners of identities they knew were stolen), and hopefully additional IT staff, consultants, software and hardware. MasterCard just hit that fund up for another $24 million in penalties. That leaves about $93 million left in the kitty.

So a $314 million reserve covers 100 million litigants. There you go. $3. Even if the number was more near the 50 million identities stolen, that’s $6 per identity.

In 1735, Benjamin Franklin wrote – ‘an ounce of prevention is worth a pound of cure.’ Next up, I’ll talk more about how much that ounce of prevention costs.

Filed under: Privacy, Security