Target: Expenses Related to Data Breach Higher Than First Thought

Target Retail Store

Target Provides Update on Costs Related to Data Breach 

Minneapolis-based Target Corporation announced on Tuesday that its second quarter financial results are expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the massive December 2013 data breach that rocked the retail giant.

According to the company, the expenses include an increase to the accrual for estimated probable losses for what the Company “believes to be the vast majority of actual and potential breach-related claims,” including claims by payment card networks.

“Since the data breach last December, we have been focused on providing clarity on the Company’s estimated financial exposure to breach-related claims,” said John Mulligan, Interim President and CEO, CFO of Target Corporation. “With the benefit of additional information, we believe that today is an appropriate time to provide greater clarity on this topic.”  

Update on Expenses Related to the Data Breach

The company provided the following statement related to the December 2013 data breach that has plagued the retailer and forced former CEO Gregg Steinhafel to step down in May 2014: 

During fourth quarter 2013, Target experienced a data breach in which an intruder gained unauthorized access to its network and stole certain payment card and other guest information. In second quarter 2014, the Company expects to record gross breach-related expenses of $148 million, partially offset by the recognition of a $38 million insurance receivable.

Expenses for the quarter include an increase to the accrual for estimated probable losses for what the Company believes to be the vast majority of actual and potential breach-related claims, including claims by payment card networks. Given the varying stages of claims and related proceedings, and the inherent uncertainty surrounding them, the Company’s estimates involve significant judgment and are based on currently available information, historical precedents and an assessment of the validity of certain claims.

These estimates may change as new information becomes available and, although the Company does not believe it is probable, it is reasonably possible that the Company may incur a material loss in excess of the amount accrued. The Company is unable to estimate the amount of such reasonably possible excess loss exposure at this time. The accrual does not reflect future breach-related legal, consulting or administrative fees, which are expensed as incurred and not expected to be material in any individual period.

On April 29, the company named Bob DeRodes as CIO, tasked with guiding the company’s information technology transformation, and in June announced that it had hired former GM CISO Brad Maiorino as senior vice president and chief information security officer (CISO).

In the months following the data breach, Target detailed significant steps it took to enhance its information security systems and processes while transforming its security and compliance structure and practices.

Examples include enhanced monitoring, segmentation, logging, and account security, as well as the installation of application whitelisting on point-of-sale systems.

In February, Target announced a significant new initiative as part of the company’s accelerated $100 million plan to move its REDcard portfolio to chip-and-PIN-enabled technology and to install supporting software and next-generation payment devices in stores.

The retail giant said that beginning in early 2015, its entire REDcard portfolio, including all Target-branded credit and debit cards, would be enabled with MasterCard’s chip-and-PIN solution. Eventually, all of Target’s REDcard products will be chip-and-PIN secured, the company said. The new payment terminals are scheduled to be in all 1,797 U.S. stores by this September, six months ahead of schedule.

Target also said that in March it joined the Financial Services Information Sharing & Analysis Center (FS-ISAC), an organization formed by the financial services industry to help facilitate the detection and prevention of, and response to, cyber attacks and fraud activity.

Related: Target CEO Exit Highlights Business Side of Security

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
