The money has been spent on providing identity theft protection to affected customers, costs from welcome back programs that offer services for free, customer support costs, network security enhancement costs, legal and consulting costs, as well as lost revenue, Sony said.
The company detailed the data breach costs in a revision to its forecast for fiscal year 2011.
Sony stressed that it has not received “any confirmed reports of customer identity theft issues, nor any confirmed misuse of credit cards” from the data breaches.
The company acknowledged that class action lawsuits have been filed against the company and some of its subsidiaries and regulatory inquiries have been initiated. These could significantly increase the costs from the data breaches. “Those are all at a preliminary stage, so we are not able to include the possible outcome of any of them in our results forecast.”
In addition, Sony estimated that the recent earthquake and tsunami would cost the company 39 billion yen in sales and operating income in fiscal year 2011 and 150 billion yen in fiscal year 2012. Overall, the company expects to post a net loss of 260 billion yen ($3.18 billion) for fiscal year 2011.
If Sony’s data breach costs reach the average of $214 per compromised record, as estimated in the latest data breach report by the Ponemon Institute and Symantec, the company’s costs could total a whopping $21.4 billion. This perhaps is an unrealistic estimate but it suggests the possible magnitude of the problem for the Japanese electronics firm.