The Washington Post

Data breach hits Target’s profits, but that’s only the tip of the iceberg

A massive data breach during the holiday shopping season hurt Target's fourth-quarter profit, and the retailer warned future earnings will be negatively impacted as well. (Reuters)

Target’s new year is off to a rocky start.

The retailing giant said Wednesday that a December data breach that enabled the theft of millions of customers’ payment information had helped drag its fourth-quarter profit down 46 percent, to $520 million. The massive cyberattack has already cost the retailer $17 million. The final tally will be bigger, Target said, though it’s unclear by how much.

The results didn’t surprise analysts but signal the onset of a rough year for one of the nation’s biggest retailers at a time when the industry is already grappling with a tough economic environment. Extreme winter weather, weak holiday sales, a sluggish labor market and low consumer confidence have hit many retailers’ profits.

Target had the added burden of dealing with the breach in the midst of the critical holiday season. Sales nose-dived once news of the attack broke a week before Christmas.

Target tried to pacify customers and salvage its sales by offering an extra 10 percent discount. This, however, was not enough, and the company reported that its sales fell 6.6 percent for the fourth quarter and 34 percent for the year.

While the quarterly decline looks like a blip next to the big-box retailer’s $73 billion in annual sales, analysts say Target has a long way to go before it can move beyond this incident.

Even after the immediate fallout from a data breach subsides, companies face costs that eat into their earnings for years, according to industry observers. When the scale of the attack is as large as the one that hit Target — up to 110 million customers’ records were stolen — the price tag is higher.

More important, analysts said, will be rebuilding shoppers’ faith.

On a recent snowy afternoon in the Target at Prince George’s Plaza in Hyattsville, Mayelin and Jatnna Jimenez said they’d changed the way they shopped. Mayelin said she hadn’t bought anything at the store since the holidays, while her sister said she used cash to pay for her purchase that afternoon.

Both had been issued new credit cards after their information was swept up by hackers in the breach, they said.

“We love Target, but we are disappointed,” Mayelin Jimenez said.

Freda Miller was more optimistic. Miller said she was also affected by the data breach and is concerned about the security of Target’s payment systems. Nevertheless, she continued using her debit card to shop at the store, she said. “I trust Target will stand by its customers,” she said.

The recent cyberattacks against Target, Neiman Marcus and other retailers have triggered debates in Washington about data security practices, the country’s outdated payment technology and breach-notification laws.

For Target, the incident has also unleashed a litany of costs that include legal fees, software updates, customer reimbursement and damage control. The figure is difficult to pinpoint, security experts say, but it won’t be small.

So far, the company has spent $61 million to cover costs associated with the breach, including the cost of providing credit monitoring services to its customers. Target said it expects $44 million of that to be covered by insurance.

The retailer said it couldn’t provide an estimate of how much the breach would ultimately cost because of an ongoing government investigation.

“Regardless of the ultimate dollar amounts, we have the financial strength to move beyond these near-term impacts,” John Mulligan, Target’s chief financial officer, said in a call with investors Wednesday.

If the government’s probe finds Target at fault for not complying with industry-specific security standards, the company faces fines in the range of $400 million to $1.1 billion, according to an estimate by Jefferies, an equity research company. That figure did not include lost sales or customer goodwill, the firm said.

Banks foot the bill for issuing customers new cards, although Target could end up paying part of that share depending on its agreement with financial institutions, experts say.

“They can’t get out of this for less than $100 million,” said John Kindervag, vice president and principal analyst at Forrester Research.

To understand how much the retailer stands to lose, analysts point to the 2007 attack that hit TJX, the parent company of T.J. Maxx and Marshall’s. Hackers stole the payment data of more than 45 million customers by exploiting an unsecured wireless network.

TJX’s initial estimates put the damage at about $25 million, but once the dust settled, the company ended up paying more than $250 million. That probably means Target’s troubles are just beginning.

“I doubt that we’ll ever really know the full costs,” said Kindervag.

Amrita Jayakumar covers national startups, small business issues and entrepreneurship.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
From clubfoot to climbing: Double amputee lives life of adventure
Learn to make traditional soup dumplings
Deaf banjo player teaches thousands
Play Videos
Unconventional warfare with a side of ale
The rise and fall of baseball cards
How to keep your child safe in the water
Play Videos
'Did you fall from heaven?': D.C.'s pick-up lines
5 ways to raise girls to be leaders
How much can one woman eat?
Play Videos
How to get organized for back to school
How to buy a car via e-mail
The signature drink of New Orleans

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.