Feedback
Business

Cost of Data Breach Could Give Target Sticker Shock

The data breach at Target Corp., bigger than previously disclosed, could give the retailer sticker shock as it deals with related costs and angry customers. RICK WILKING / Reuters

Target has a different kind of bull's-eye on its back these days.

Experts say the news that personal information including names, phone numbers and email addresses were among the data stolen in a massive breach could create an enormous, expensive headache for the big box giant, especially if affected customers become victims of identity theft.

“As a rule of thumb, a data breach will cost merchants about $200 per breached record,” Brian Riley, a CEB TowerGroup senior research director, said via email. A 2013 study estimated the cost of a U.S. merchant data breach at $188 per compromised record, although it only looked at breaches of less than 100,000 records.

The potential price tag is eye-popping. A 2007 hack of accounts at T.J. Maxx cost parent TJX Cos. a reported $256 million. And a 2009 breach at Heartland Payment Systems eventually cost the company $140 million, with more litigation ongoing.

“The theft of email addresses and phone numbers from Target customers will probably mean those folks will get more email and phone solicitations and scams,” Brian Krebs, the digital security blogger who first broke the story of the Target breach, wrote on his Krebs on Security site. With that information, crooks can “phish” for Social Security numbers or birth dates, which opens the door to full-blown identity theft, in which criminals take out loans or apply for lines of credit in someone else’s name.

“These are the types of problems that can have very long-ranging issues when it comes to your credit score, your ability to get loans. These are the types of problems that can stick with you for a very long time,” said Craig Maurer, managing director at CLSA/Credit Agricole Securities. “If that’s the case, you will never go to Target again.”

Numerous Facebook users posting to the retailer’s page Friday already have vowed never to return. User Bob Castle wrote, “We are done shopping at Target. You have proven that you can't protect our credit data.”

“Our family will never purchase another item from Target ever again,” Facebook user Mike Metchikoff wrote in a comment on the same post.

Target’s recent performance indicates that customers might have been avoiding the retailer even before the newest, more damaging information came to light.

In its most recent statement about the breach, the company said it anticipates a comparable sales decline of about 2.5 percent for the just-ended fourth quarter, and a 2 percent to 6 percent decline for the rest of this quarter. Goldman Sachs analyst Matthew Fassler wrote in a research note Friday that the company’s estimates and price target for the retailer are now under review “pending further analysis of today’s disclosure.”

Target’s shares closed Friday at $62.62, down slightly more than 1 percent.

Despite the latest revelations, don’t expect Americans to shred their credit cards and switch back to cash anytime soon.

“Consumers have very short memories,” pointed out Marshal Cohen, chief retail analyst at NPD Group, a market research firm.

“People don’t want to go to the ATM,” agreed Maurer. “They don’t want cash; they don’t want change. … I think the ship has sailed as far as their habits on spending.”