Target warns data breach could hurt future profit

Dhanya Skariachan and Jim Finkle
February 26, 2014
The sign outside the Target store in Arvada
View photos
The sign outside the Target store is seen in Arvada, Colorado January 10, 2014. REUTERS/Rick Wilking

By Dhanya Skariachan and Jim Finkle

NEW YORK/BOSTON (Reuters) - Target Corp warned that costs tied to a cyber attack that affected tens of millions of shoppers could hurt its results in the first quarter and beyond, but shares rose as its full-year outlook was better than some investors had feared.

The third-largest U.S. retailer reported a 46 percent drop in net profit in the crucial holiday quarter and reported $61 million (36 million pounds) in costs related to the breach. It did not provide an estimate on future expenses related to the cyber attack, though it said they "may have a material adverse effect" on results of operations through the end of the current year and beyond.

Target shares rose 4.8 percent to $59.25 in late morning trade as company executives began an analyst conference call. It was the first time the Minneapolis-based retailer had faced Wall Street since the breach, which led to the theft of about 40 million payment card numbers and 70 million other records.

"It is going to take some time for this to heal," said Sean Naughton of Piper Jaffray, who estimates that transactions were down "in the high single digits" in the weeks after the breach was disclosed.

The retailer said it sees first-quarter profit of 60 cents to 75 cents, excluding expenses related to the data breach and other items. Analysts expect the company to report quarterly profit of 85 cents, according to Thomson Reuters I/B/E/S. For the full year, Target sees earnings of $3.85 to $4.15 a share on that basis, compared to the analyst forecast of $4.15 per share.

Jaffray said that Target's reputation for having a top-rate shopping experience had been tarnished by the fact that many customers have either had to have payment cards replaced or find themselves checking their monthly statements more closely, giving them a negative association with the retailer.

He noted that Target posted a 5.5 percent drop in transaction count during the quarter, the worst he had ever seen, even steeper than the 4.8 percent drop reported when the United States was in the midst of a financial crisis in the fourth quarter of 2008.

Sales fell 3.8 percent to $21.52 billion in the fourth quarter, missing the already lowered estimate of $22.37 billion, according to Thomson Reuters I/B/E/S. Same-store sales, or sales at U.S. stores open at least a year, fell 2.5 percent.

The data breach "took the wind out of Target's sails - and unfortunately sales," said Sandy Skrovan, U.S. Research Director at Planet Retail.

Net earnings fell to $520 million, or 81 cents a share in the three months that ended on Feb 1, from $961 million, or $1.47 a share, a year earlier. Excluding its losses in Canada and a host of items, it earned $1.30 a share. That was at the high end of its lowered forecast from January.

The retailer had already lowered expectations for the fourth quarter. News of the breach has hurt its reputation and stock, and made many on Wall Street take down their profit and sales estimates on Target.

Target did not buy back any shares during the fourth quarter and stayed away from commenting on future repurchases. Many on Wall Street expect it to slash its share buybacks as it copes with costs tied to the data breach.

"We continue to think it is unlikely that the company will resume share buyback anytime soon," Cowen analyst Faye Landes said in a note to clients on Wednesday.

THE BREACH EFFECT

Target said of the $61 million in expenses related to the breach during the quarter, $44 million were offset by an insurance payment, bringing the impact to $17 million.

Mark Rasch, a former cyber crimes prosecutor who worked on some of the biggest U.S. payment card breach cases, said that it was too early to estimate how big the bill would be, but it would certainly be in the hundreds of millions of dollars and could top $1 billion. "We know it is going to be big. We just don't know how big," he said.

Target has declined to discuss exactly what sorts of costs its cyber insurance will cover or identify its insurers.

Insurers offer cyber policies that cover costs for items such as investigating breaches and repairing networks, compensating credit card issuers for fraudulent activity, fighting lawsuits and responding to regulatory probes.

Target said breach-related expenses may include costs for reissuing cards, lawsuits, government probes and enforcement proceedings, legal expenses, investigative and consulting fees, and capital investments.

(Reporting By Dhanya Skariachan in New York and Jim Finkle in Boston; Editing by Chizu Nomiyama and Rosalind Russell)