Target Corp. reported Wednesday that expenses stemming from the big data breach it disclosed 11 months ago now total $248 million. The Home Depot Inc., meanwhile, said Tuesday that the data breach it disclosed in September cost it $28 million on a pre-tax basis in its recently ended third quarter. The home-improvement retailer expects to book $34 million in net breach-related expenses for fiscal 2014, but more costs are likely next year.
Minneapolis-based Target made its disclosure in its earnings report for fiscal 2014’s third quarter ended Nov. 1. The breach compromised 40 million payment cards as well as non-card data on 70 million customers. The retailer said its net breach-related costs have been $158 million thanks to a $90 million insurance receivable. The third quarter’s breach costs were relatively small compared with recent earlier quarters—$12 million on a pre-tax basis.
Retailers’ expenses from data breaches include claims by the payment card networks to cover fraud and card-reissuance bills incurred by credit and debit card issuers, computer-system remediation, legal and other professional services, and credit-monitoring services for customers. Target said it has an accrual for estimated probable losses, an accrual the company said in its earnings report that it believes will cover the “vast majority” of present and future expenses. Target added, however, that it is “reasonably possible” that actual expenses could exceed its reserve.
Target, which also is recovering from troubled store rollouts in Canada, managed to increase its net income by 3% to $352 million compared with $341 million in fiscal 2013’s third quarter. Sales totaled $17.7 billion, up 3% from $17.3 billion.
While Home Depot’s breach actually compromised more credit and debit cards than Target’s—56 million—the Target breach came earlier and had more wide-ranging effects. Many observers believe the breach gave new impetus to the payment card networks’ plans to move away from the vulnerable magnetic stripe and convert the U.S. to the Europay-MasterCard-Visa (EMV) chip card standard. The high-profile retailer’s breach also spurred numerous Congressional hearings that probed weak protection of consumer data.
Atlanta-based Home Depot said in its earnings report for its third quarter ended Nov. 2 that it did not include an accrual for breach costs in its latest financial guidance since it can’t yet estimate those costs. Such costs could have “a material adverse effect on the company’s financial results” in the fourth quarter and future periods, the retailer said.
Home Depot president and chief executive Craig Menear told analysts Tuesday in a conference call that the company has a $100 million data-breach insurance policy. For the fourth quarter, Home Depot expects $27 million in gross breach expenses and net costs of $6 million after insurance reimbursements.
Despite the breach expenses, Home Depot posted a 14% increase in net income in the third quarter—$1.54 billion versus $1.35 billion a year earlier. Net sales grew 5% to $20.5 billion from last year’s $19.5 billion.