Target's data breach tab: $110 million

Target's data breach tab: $110 million

Summary: The Minneapolis-based retailer saw net expenses of $110 million from the data breach -- no chump change but "less bad" than it could have been, according to analysts.

TOPICS: Security, Big Data

Time may heal wounds for some, but for discount retailer Target, the damages from its 2013 data breach just keep coming.

Special Feature

Why business leaders must be security leaders

Why business leaders must be security leaders

Why do many boards leave IT security primarily to security technicians, and why can’t techies convince their boards to spend scarce cash on protecting stakeholder information? We offer guidance on how to close the IT security governance gap.

Target announced Tuesday that it is lowering the earnings outlook for its second quarter financial period, citing costs related to the now infamous data breach and the repayment of debt.

The Minneapolis-based retailer saw net expenses of $110 million from the data breach, and said it now expects to earn roughly 78 cents a share for the quarter, down from the 85 cents to $1 per share it had previously anticipated. Target also said it expects sales to be flat at established locations in the U.S.

Costs from the breach include losses for the majority of actual and potential breach-related claims, including those from payment card networks.

According to a report from the analyst firm Stifel, the costs could have been much worse:

"We think this is a "less bad" than feared data breach expense and a reminder of the persistent pressures on Target's business."

John Mulligan, interim president and CEO, and CFO of Target, issued a prepared statement addressing the lowered forecast, albeit a bit devoid of any depth related to the data breach damages:

"Since the data breach last December, we have been focused on providing clarity on the Company's estimated financial exposure to breach-related claims. With the benefit of additional information, we believe that today is an appropriate time to provide greater clarity on this topic.

While the environment in both the U.S. and Canada continues to be challenging, and results aren’t yet where they need to be, we are making progress in our efforts to drive U.S. traffic and sales, improve our Canadian operations and advance Target’s digital transformation."

Read this

How often should you conduct penetration testing?

How often should you conduct penetration testing?

In a rapidly shifting attack landscape against the backdrop of a hackers' black market worth billions, if you wait to pentest -- you lose.

Just last week Target named former PepsiCo CEO Brian Cornell as its next Chairman and CEO. Cornell is the first outsider to take the helm of the retail chain. His appointment could be seen as a move to boost consumer confidence in the company's ability to rebuild and salvage its brand.

Mulligan said the new CEO will focus on furthering Target's mission to become a "leading omnichannel retailer" – a mission that will likely be buoyed by Target's recent efforts to step up its data and analytics capabilities.

According to a report in the Minneapolis Star Tribune, on Monday Target marked the opening of technology hub in Silicon Valley that will be geared toward data analytics and engineering for its mobile and online teams. The 7,000-square-foot office space will initially house around 15 employees, but could one day have upward of 70, Target spokesperson Eddie Baeb said.

See also:

Topics: Security, Big Data

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Anyone wonder who Target uses for computing services?

    Microsoft News Center
    Target Selects Microsoft Technologies for Its 1,400 Retail Stores Throughout the U.S.
    Jan. 10, 2006
    Tony Burzio
    • Good for Target

      for choosing the more secure operating system.
    • this is irrelevant

      just as naming the store 'Target' did not make it a target of an attack.

      Target did not properly isolate its networks, allowing an attack on one part to spread to the other.
      Network design and management has nothing to do with the servers they are running.

      Ignorance is a bliss, but it works only so far.
    • Wow

      A news release from 2006... Really?? You must be so proud to spend all that wonderful time finding such an outdated and useless release. Good job.. Troll.
  • Had to replace my credit card

    No evidence of anyone hacking my account after I'd charged my wife's food processer at Target; but damn inconvenient. On the other hand, I'd had that card number for 5 years and it was about time to rotate it to a new number anyway.
  • wrong number

    $100 million is about 0.1% of annual sales which came in at approx $72 billion. The damage isn't mostly monetary, it's the number of people who will never go back into that store. No retailer takes security seriously. Those CEOs do not and will not ever care to take it seriously because IT does not produce revenue, it sucks revenue in their thinking.
  • enough already

    consider also the number of people, and hours, that are being spent on security concerns. sadly, by well meaning people who simply don't have the option to use the tools that should be used for electronic commerce.

    first: use a secure operating system: one which will not allow un-authorized software updates.
    second: authenticate messages, transactions, and software changes using pgp.

    remember: pgp is not just encryption: it provides authentication and integirty.

    EMV is not the answer: EMV makes the same error that mag stripe makes: it starts by sending the customer's account number and PII to the merchant. this is backward. the merchant POS should start by sending an invoice to the customer's card.