Encryption? It's bad business!
I work for a bank, hence Anon posting.
It's easy here to talk of the obligation to encrypt. I'd guess that if TT were storing customer data, including bank data, on a web-accessible front end they have some pretty shabby systems... others have asked why customer data and financial data were not stored elsewhere and only assembled when needed for a single customer view.
I'm guessing that TT will have a messy architecture and also have not consolidated systems from earlier takeovers. Remember, too, that each of these will have multiple associated test systems. At this point encryption becomes a difficult business: matching logons with customers and finance data for each request across all these systems in an encrypted format, AND being able to do this for each of the different test environments.
It's an expensive business. Happily the cost of failure is relatively small. My estimate, below, is that they will lose around £40m as a result of this poor management. I'm guessing, too, that the cost to remediate would far outweigh this.
So, why bother encrypting when the cost of failure is so small?
Can anyone offer any insight as to why the potential money-making by this company is viewed by the market as only marginally impacted?
BTW: Your bank will only encrypt tiny elements of your card data. You can bet your boots that your details, transactions, marketing information are all in plain text. Perhaps well-protected but plain text. Oh, and there's not one copy of that customer database, there will be tens of them... each needed to satisfy the need to test thousands of IT changes each month. My view is that making production safe is about five times easier than dev/test!
COST OF THIS TERRIBLE ERROR
Potential fine: I think the ICO can fine up to £0.5m
The value of the company: shares have gone from 268p on Thu to 264p on Friday: the company is now worth £36.2m less than it was.
Plus, sundry costs to tidy up, say £2m?
Total: £38.7m