Market Overview

The Year-Long Chain Of Retailer Data Breaches

The Year-Long Chain Of Retailer Data Breaches

The Wall Street Journal reported on December 18, 2013 that Target Corporation (NYSE: TGT) had been the victim of an "extensive theft" of customers' credit and debit card data.

Understandably, consumers panicked and investors worried. The timing couldn't have been worse, as millions of consumers were still rushing to complete last-minute holiday shopping.

On December 19, Target quantified the report and announced that 40 million debit and credit accounts had been compromised. While publicized as being one of "the most epic privacy fails," data breaches have been occurring for several years and in larger numbers.

TJX Companies Data Breach: A Lesson No One Learned From

The TJX Companies, Inc. (NYSE: TJX) said in 2007 that more than 45.6 million accounts had been compromised at its stores over an 18-month period. The owner of popular discount chains like TJ Maxx and Marshalls initially estimated that the data breach would cost them $25 million, but the final tally was nearly 10 times that amount.

TJX Companies data breach could have been a wake call for retailers, payment processors and major banks to join forces and create a safer environment for all.

Related Link: A Closer Look At Major Retail Chains That Announced Store Closures In 2014

Target Not The Only Victim

As a goodwill gesture, Target offered a 10-percent discount on purchases to all clients over the coming weekend after the December 19 announcement. Unfortunately, the damage had been done and the number of transactions at Target fell 3 percent to 4 percent, according to Customer Growth Partners.

On January 10, Target lowered its fourth quarter earnings per share guidance to a range of $1.20 to $1.30 from prior estimates of $1.50 to $1.60. The company's revised guidance reflected a "meaningfully weaker-than-expected sales since the announcement, which have shown improvement in the last several days" and "a comparable sales decline of two percent to six percent for the remainder of the quarter."

Ironically, on the same day, news reports began to surface that high-end fashion retailer Neiman Marcus notified consumers of a data breach involving store credit and debit cards. Krebs On Security confirmed in a blog post that Neiman Marcus was aware of malicious activity as of mid-December.

Krebs On Security reported just four days later that Michaels Companies Inc (NYSE: MIK) may have been a victim of a massive data breach.

Security Issues Foreshadowed Post-Target

On February 4, executives at both Target and Neiman Marcus spoke in front of a U.S. Senate Judiciary Committee.

Target's Chief Financial Officer John Mulligan made the case that a move to chip-and-PIN technology is a move that needs to be made. Also making the case for chip-and-PIN technology was Fran Rosch, a senior VP at security firm Symantec Corporation (NASDAQ: SYMC) who said that the technology makes it harder to steal data in the first place due to extra levels of encryption.

U.S. Senator Al Franken, a member of the Committee, pointed out the fact that the U.S. has one quarter of the world's card transactions but is home to half of the world's card hacking.

The Senator's comments foreshadowed further data breaches throughout 2013 and 2014.

Home Depot Reports Massive Data Breach As Consumers And Investors Yawn

On September 2, Krebs On Security reported that The Home Depot, Inc. (NYSE: HD) may have been victim of a massive credit card breach beginning perhaps in April or May. The company confirmed that it was investing "unusual activity."

The company later revealed that information on 56 million debit and credit cards was stolen because of advanced malware that penetrated the company's system as early as April.

Despite eclipsing Target in total number of compromised cards, Home Depot received little fall-out from consumers. Speaking to Bloomberg, Seth Basham of Wedbush Morgan Securities said that "consumers were conditioned, somewhat, from the fallout at Target -- they're a little less paranoid."

Kmart The Latest Victim

Sears Holdings Corps (NASDAQ: SHLD), parent company of Kmart, stated on October 10 that it detected a breach in its payment data systems. The company said that the data breach may have originated in early September and had gone unnoticed by anti-virus systems. Neither Sears nor Kmart disclosed how many stores were affected or how many credit cards became vulnerable.

Who Will Be Next?

2013 proved to be the worst year for data breaches in history with more than 619 known data breaches nationally involving business, healthcare, education and government.

Target's finally damage count may total upward of $1 billion, according to Jefferies retail analyst Daniel Binder.

Consumers should do their best to safeguard private financial data and check their accounts regularly for suspicious activities. However, responsibility for safeguarding consumer data rests with the companies.

Target has already announced it will switch its REDcard to chip-and-PIN technology, a move that could set a trend of retailers moving toward newer and more secure technology.


Related Articles (TGT)

View Comments and Join the Discussion!

Posted-In: Chip And PIN Technology data breach Fran Rsoch home depot John MulliganTopics Top Stories General Best of Benzinga