Target faces big costs related to security breach
Feb. 26, 2014
NEW YORK (AP) — History doesn't always repeat itself.
The hit to TJX Cos. was minimal after it disclosed in 2007 a massive data breach of customer information at its T.J. Maxx, Marshalls and HomeGoods stores.
But Target Corp. isn't faring as well: More than two months after it revealed that hackers stole credit card numbers and personal data of millions of its customers, Target's sales, profit and stock prices have dropped.
What's worse, the second largest U.S. discounter faces the prospect that some shaken shoppers may not return to its stores for a long time. In fact, Target on Wednesday said it expects business to be muted for some time, though it said sales are recovering since the breach was disclosed in mid-December.
TJX declined to comment for this story, but John Mulligan, Target's chief financial officer, told The Associated Press on Wednesday that the most loyal customers have stuck with Target, but wooing back others will take time.
"We need to remind people why they fell in love with Target," he said.
TJX found itself in the same situation years ago when it announced what was the largest security breach by a retailer at the time. Still, the fortunes of TJX Cos. and Target may wind up being quite different.
Although the data breaches at the two retailers each affected millions of shoppers, analysts say a combination of factors makes Target's challenge bigger. Those include the timing of each company's disclosure and Americans' heightened sensitivity toward privacy concerns now versus before the TJX breach.
The retailers' fates are playing out differently so far. TJX's stock slid 12 percent in the weeks after the breach disclosure to as low as $13. But by the end of 2007, the shares rebounded and today, they're trading at about $58.
Sales also weren't derailed in the breach's aftermath: Revenue at stores opened at least a year, an important retail measurement, were up a better-than-expected 4 percent for the year following the breach.
Meanwhile, Target said on Wednesday that its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data. Revenue at stores open at least a year fell 2.5 percent.
Target's stock had fallen 11 percent since it disclosed the breach in mid-December. But on Wednesday, investors pushed shares up nearly 7 percent on the news of recovering sales. The stock is now trading at about $60, down 5 percent since the theft was disclosed.
Analysts say one reason Target is suffering more than TJX did may have something to do with the timing of their disclosures.
Target disclosed on Dec. 19 data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15. Target said it disclosed its breach within days of finding out about it, shortly after the news was leaking online. But the news came at the worst time for a retailer: During the final days before Christmas, the busiest shopping period of the year.
Then, Target revealed the theft was wider than originally believed a month later. On Jan. 10, it said hackers also stole personal information — including names, phone numbers as well as email and mailing addresses — from as many as 70 million customers.
Target has said there is some overlap between the two batches of data stolen. When the final tally is in, Target's breach may eclipse the theft at TJX, which is the largest incident for a retailer on record.
Conversely, TJX found out about its breach in mid-December 2006, but didn't make it public until the following month. TJX's theft compromised more than 90 million records over an 18-month period starting in mid-2005.
Initially, in March 2007, the retailer disclosed that 45.6 million credit cards were compromised, but a group of banks suing the retailer put that number at more than 90 million in an October 2007 court filing.