In this Information Week article, it is reported that TJ Maxx, poster child for the mother of all data disclosures, is being sued by banks. If you remember, they let loose some 45 million credit and debit cards. Figuring $25 cost for each exposed card incurred by a bank to void and reissue the card in question, you come up with somewhere north of a billion dollars as the cost of cleanup. Banks are not primarily in the “spending money out of the goodness of our hearts” business, and will want to collect on their costs, thus coming after the responsible party. Enter the class action suit, covering some 300 banks.

Prediction: This is just the first wave in this type of lawsuit. No longer will admonishment by the FTC or a “mea culpa” sent to customers be the biggest driver behind keeping data on lockdown. Now, private recovery costs will be the biggest stick in the game.