I was curious to see whether the Sony figure of $150 million included any fines or other breakdown on how the financial impact might play out. Sony’s financial forecast revision statement to their investors appears to not address fines from Visa or others. They also, rightly, do not speculate on what a settlement package might look like from the class action settlements that have already been filed.

To be clear, fines will probably be very steep. Comparing the Sony breach to Heartland Payments gives us a good picture to start with. Heartland was fined $60 million by Visa, $41.4 million by MasterCard, as well as $3.6 million by American Express. Heartland lost over 100 million debit and credit card numbers. Sony may have only lost a quarter of the credit card numbers, but I think the monetary penalty will be higher because of the extent of the breach and the foreknowledge that Sony might have had. Also, the PCI Standards Council has put a lot of work into using Heartland and TJX as example cases over the past several years. With such a large company being breached, they are likely to make another example out of them.
