Target Reports Direct Financial Impact From Customer Payment Card Breach

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Jan. 10 --Target Corp. has seen “meaningfully weaker-than-expected sales” since its December 2013 announcement of a hacking breach of its customer payment systems, the company said in a Jan. 10 statement.

In addition, Target said as yet undetermined costs related to responding to the breach will cut into the company's bottom line.

“These costs may have a material adverse effect on Target's results of operations in fourth quarter 2013 and/or future periods,” the retail giant said.

Target also raised its estimate of the total number of customers affected by the breach to 70 million, adding some 30 million to the 40 million separately identified as having their payment card data compromised.

Lower Earnings

Target has lowered its earnings forecast for the fourth quarter of 2013, the company said.

An anticipated sales decline of approximately 2.5 percent in the fourth quarter due at least in part to the breach announcement will lower expected earnings per share (EPS) from the previous estimate of $1.50 to $1.60 to $1.20 to $1.30, the retail giant said.

Prior to the breach announcement, the company said it saw “stronger-than-expected” sales in the fourth quarter.

Breach Response Costs

Target said that it couldn't provide GAAP (generally accepted accounting principles) EPS numbers for the fourth quarter of 2013 but said they “may include charges related to the data breach.”

Target said it “is not able to estimate the costs, or a range of costs, related to the data breach” but said they may include “liabilities to payment card networks for reimbursements of credit card fraud,” card reissue costs and “liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.”



Target Corp. has seen “meaningfully weaker-than-expected sales” since its December 2013 announcement of a hacking breach of its customer payment systems.  


Some members of Congress have called for hearings into consumer financial data security with a focus on the Target breach, and others asked the Federal Trade Commission to investigate the breach (13 PVLR 31, 1/6/14).

The company is also facing several consumer putative class action complaints in federal courts across the country.

Minneapolis-based Target also announced that it will be closing eight stores May 3. The company, however, didn't give any indication that the store closings were related to the data breach.

70 Million Affected

Target announced Dec. 19, 2013, that approximately 40 million customers who used credit or debit cards at the retailer's U.S. stores from Nov. 27 to Dec. 15, 2013, may have had “customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code)” compromised due to the breach

The company Dec. 27, 2013 said that, in addition to the above information, encrypted PIN data pertaining to its customers' debit cards were removed by hackers.

Target “determined that certain guest information--separate from the payment card data previously disclosed--was taken during the data breach,” the company said in its Jan. 10 statement.

The company said its investigation of the breach has shown that names, mailing addresses and phone numbers or e-mail addresses for up to 30 million additional individuals were stolen.

“Guests will have zero liability for the cost of any fraudulent charges arising from the breach,” Target reiterated in its statement.

Meanwhile, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) reintroduced a bill in an attempt to renew efforts to pass data security legislation in the wake of the Target breach (see related report).

Request Bloomberg Law: Privacy & Data Security