Target faces big costs related to security breach

Feb 26, 2014 by Anne D'innocenzio
In this Dec. 19, 2013, file photo, a passer-by walks near an entrance to a Target retail store in Watertown, Mass. Target Corp. reports quarterly financial results before the market opens on Wednesday, Feb. 26, 2014. (AP Photo/Steven Senne, File)

(AP)—History doesn't always repeat itself. The hit to TJX Cos. was minimal after it disclosed in 2007 a massive data breach of customer information at its T.J. Maxx, Marshalls and HomeGoods stores.

But Target Corp. isn't faring as well: More than two months after it revealed that hackers stole and personal data of millions of its customers, Target's sales, profit and stock prices have dropped.

What's worse, the second largest U.S. discounter faces the prospect that some shaken shoppers may not return to its stores for a long time. In fact, Target on Wednesday said it expects business to be muted for some time, though it said sales are recovering since the was disclosed in mid-December.

TJX declined to comment for this story, but John Mulligan, Target's , told The Associated Press on Wednesday that the most loyal customers have stuck with Target, but wooing back others will take time.

"We need to remind people why they fell in love with Target," he said.

TJX found itself in the same situation years ago when it announced what was the largest security breach by a retailer at the time. Still, the fortunes of TJX Cos. and Target may wind up being quite different.

Although the data breaches at the two retailers each affected millions of shoppers, analysts say a combination of factors makes Target's challenge bigger. Those include the timing of each company's disclosure and Americans' heightened sensitivity toward privacy concerns now versus before the TJX breach.

The retailers' fates are playing out differently so far. TJX's stock slid 12 percent in the weeks after the breach disclosure to as low as $13. But by the end of 2007, the shares rebounded and today, they're trading at about $58.

Sales also weren't derailed in the breach's aftermath: Revenue at stores opened at least a year, an important retail measurement, were up a better-than-expected 4 percent for the year following the breach.

Meanwhile, Target said on Wednesday that its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data. Revenue at stores open at least a year fell 2.5 percent.

Target's stock had fallen 11 percent since it disclosed the breach in mid-December. But on Wednesday, investors pushed shares up nearly 7 percent on the news of recovering sales. The stock is now trading at about $60, down 5 percent since the theft was disclosed.

Analysts say one reason Target is suffering more than TJX did may have something to do with the timing of their disclosures.

Target disclosed on Dec. 19 data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Target said it disclosed its breach within days of finding out about it, shortly after the news was leaking online. But the news came at the worst time for a retailer: During the final days before Christmas, the busiest shopping period of the year.

Then, Target revealed the theft was wider than originally believed a month later. On Jan. 10, it said hackers also stole personal information—including names, phone numbers as well as email and mailing addresses—from as many as 70 million customers.

Target has said there is some overlap between the two batches of data stolen. When the final tally is in, Target's breach may eclipse the theft at TJX, which is the largest incident for a retailer on record.

Conversely, TJX found out about its breach in mid-December 2006, but didn't make it public until the following month. TJX's theft compromised more than 90 million records over an 18-month period starting in mid-2005.

Initially, in March 2007, the retailer disclosed that 45.6 million credit cards were compromised, but a group of banks suing the retailer put that number at more than 90 million in an October 2007 court filing.

Explore further: Target: 40M card accounts may be breached (Update 2)

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Target offers credit monitoring after data breach

Jan 24, 2014

Target Corp. is offering some of its Canadian customers a year of free credit monitoring after a massive security breach at its U.S. stores put confidential details into the hands of thieves.

Recommended for you

Hacked emails slice spam fast

Nov 26, 2014

Spam spreads much faster and to more people when it is being propagated by hacked, or otherwise compromised, email accounts rather than legitimate accounts, according to research published in the International Journal of ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.