"The nation's second largest discounter said Wednesday that its profit in the fourth quarter fell 46 percent on a revenue decline of 5.3 percent as the breach scared off customers worried about the security of their private data... Target's business has been affected by the breach in a number of ways. During the quarter, the number of transactions fell 5.5 percent... The company also has faced costs related to the breach. Target said it can't yet estimate how much the data breach will cost it in total. But in the fourth quarter, it said the breach resulted in $17 million of net expenses, with $61 million of total expenses partially offset by the recognition of a $44 million insurance receivable."
Typically, after a data breach affected consumers require replacement bank cards (e.g., credit and debit). Banks incur costs to issue replacement cards, to close affected accounts, and open replacement accounts. Consumers incur costs from stolen money, the lost time and aggravation to submitting complaints for reimbursement, and to re-establish online payment account settings.
ABC News also reported:
"Target said expenses may include payments to card networks to cover losses and expenses for reissuing cards, lawsuits, government investigations and enforcement proceedings..."
May? I would say definitely. Why? The Huffington Post reported:
"Costs related to the holiday data theft has now exceeded $200 million for financial institutions, according to data collected by the Consumer Bankers Association and the Credit Union National Association. The two trade associations said Tuesday that 21.8 million of the 40 million compromised credit and debit cards have been replaced."
And, these costs will surely rise since the damage is still ongoing. Target will also incur legal costs to defend itself. The Minneapolis Star Tribune reported:
"A group of First Farmers & Merchants banks in southern Minnesota has sued Target Corp. over alleged damages from the retailer’s data breach late last year. While a number of financial institutions from around the country have sued the company since news of the data heist broke, the First Farmer & Merchants lawsuit is believed to be the first by a financial institution on Target’s home turf in Minnesota... The banks are First Farmers & Merchants National Bank in Luverne, First Farmers & Merchants National Bank in Fairmont, First Farmers & Merchants State Bank in Brownsdale, First Farmers & Merchants State Bank of Grand Meadow and First Farmers & Merchants Bank in Cannon Falls."
According to the Chicago Tribune:
"A House of Representatives committee with broad investigative jurisdiction has turned up the heat on Target Corp, demanding that the No. 3 U.S. retailer turn over internal documents and messages describing how and when it learned of a recent massive consumer data breach... The committee set a deadline of March 10 for Target to turn over the materials... the House committee also requested any documents generated between November 1 and December 19 referring to discussions about notifying others about the data breach, and any documents generated since December 12 in which any federal agency advised the company to avoid providing information to Congress."
Why Congress started this investigation:
"... was prompted, at least in part, after committee officials felt dissatisfied with responses given by Isaac Reyes, an official with Target's government relations department, during a January 30 conference call about the data breach."
About breach costs, the Chicago Tribune reported:
"... several analysts expect Target to slash its share buybacks as it copes with costs tied to the breach, which some estimate will cost the company $500 million to $1.1 billion."
When companies fail to protect consumers' sensitive personal and payment information, there are lots of consequences. There should be lots of consequences. I'll bet that Target executives did not expect the consequences they now face.
My advice to executives at corporations, banks, and mobile app developers:
If you can't protect it, don't collect it.