Consequences of The Target Data Breach: The Costs And Impacts
Monday, August 11, 2014
Last week, Target announced the impact upon second-quarter expenses related to its December 2013 data breach. The retailer announced in an August 5 news repease:
"... second quarter financial results are expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the December 2013 data breach. These expenses include an increase to the accrual for estimated probable losses for what the Company believes to be the vast majority of actual and potential breach-related claims, including claims by payment card networks. In addition, the Company provided an estimate of costs related to its recently-completed early debt retirement and updated expectations for second-quarter Adjusted1 and GAAP earnings per share..."
The announcement also stated:
"Expenses for the quarter include an increase to the accrual for estimated probable losses for what the Company believes to be the vast majority of actual and potential breach-related claims, including claims by payment card networks. Given the varying stages of claims and related proceedings, and the inherent uncertainty surrounding them, the Company’s estimates involve significant judgment and are based on currently available information, historical precedents and an assessment of the validity of certain claims. These estimates may change as new information becomes available and, although the Company does not believe it is probable, it is reasonably possible that the Company may incur a material loss in excess of the amount accrued. The Company is unable to estimate the amount of such reasonably possible excess loss exposure at this time. The accrual does not reflect future breach-related legal, consulting or administrative fees, which are expensed as incurred and not expected to be material in any individual period..."
The retailer's stock closed at about $60.70 on August 4. On August 5, the stock opened at about $58.09, and dipped to $57.40 on August 7. The share price closed at $58.56 on Friday, August 8. Prior prices were $63.27 on December 31, 2013 and $71.13 on August 13, 2013. Data and the chart below are from Google Finance.
A financial impact like the one that Target has suffered should get businesses' attention to secure their networks so that they aren't negligent, that is, don't fail to meet the standard of behavior for protecting their customers from unreasonable risks, in protecting their customers against security breaches. But is that enough?
Given what I've learned about internet security, much of it from this blog, it may be that legitimate businesses are fighting a losing battle in their efforts to secure their networks and, thus, protect their customers from fraud. Even reasonable measures to protect security aren't enough. Or am I being too pessimistic?
And, of course, ordinary people are even more vulnerable to security threats. And, if you can't make ordinary users' computing devices secure, how will we ever be able to make the Internet secure?
So what's the prognosis for the Web as place to conduct commerce, communicate, enjoy entertainment, and for all of the other things that we use it for?
Posted by: Chanson de Roland | Monday, August 11, 2014 at 10:43 PM