When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers broke into the company’s network to access credit card information and other customer data, affecting some 70 million customers.
The figure, revealed in the company’s Q4 earnings published today, includes $4 million in Q4, and $191 million in gross expenses for 2014, as well as $61 million gross for 2013. Target says that the gross number was offset in part by insurance receivables of $46 million for 2014 and $44 million for 2013.
This is also not including whatever expenses Target may incur as a result of class action lawsuits filed after the breach, or wider damage to its reputation with customers. In January, a federal judge gave plaintiffs the nod to proceed with their class action case against the company.
Overall Target posted revenues of $21.8 billion, beating analyst estimates, and adjusted earnings per share of $1.50, beating its guidance. The company also recorded a pre-tax loss of $5.1 billion related to the company pulling out of operating in Canada. In pre-market trading, the company’s shares were up a little over 1% to $77.85 per share.
A report published yesterday by security firm FireEye noted that retailers saw the biggest spike in breaches in 2014, and that on average it still takes more than 200 days for companies to detect that they are being hacked. Target said it took the company 12 days to identify what was going on.
The breaches of companies like Target, as well as more recent examples from Anthem and Sony, have such direct consumer ramifications that it is changing the conversation around how seriously companies take security, which has moved from being solely an IT issue into one that reaches the highest executive levels of the company. “Before [the recent spate of breaches], “It was ya I get it security, blah, blah, but I don’t have outrun the bear, I just have to outrun you,'” says David Cowan, a partner at Bessemer Venture Partners. “Now you have to outrun the bear. It is coming after you.”
Additional reporting Ron Miller