Target’s Data Breach Costs Now Total $236 Million

Target Corp. on Tuesday issued an update on its data-breach expenses for the second quarter that brings total costs to $236 million, including expenses in the first quarter and late 2013.

The Minneapolis-based retailer expects gross breach-related expenses in the second quarter to be $148 million, offset by $38 million in insurance. The numbers came in an update Target released ahead of its scheduled Aug. 20 second-quarter earnings report.

The retailer said in its financial report for the first quarter that its total breach-related expenses at the time were $88 million with $52 million covered by insurance. Target’s out-of-pocket costs from late 2013 through the first half of 2014 are $145 million, net of insurance proceeds. Target said it has $100 million in network-security insurance coverage, with a $10 million deductible.

The breach announced last December compromised 40 million payment card numbers and non-card data on 70 million customers.

Target today said the breach expenses should account for the “vast majority of actual and potential breach-related claims, including claims by payment card networks,” but it said that could change as new information becomes available. Target’s expenses include updating its payment card security systems, reimbursing card issuers for reissuing compromised cards and actual fraud, and payment card network fines.

In the first quarter, Target also announced it faced more than 100 lawsuits. Hearings on consolidating the suits have been held in U.S. District Court in St. Paul, Minn.

Target has been trying to assuage consumer anxiety about paying with credit and debit cards in its stores. It has pledged $100 million to equip the point-of-sale systems in its nearly 1,800 U.S. stores to accept chip cards. That is in anticipation of the U.S. payment card industry move to the Europay-MasterCard-Visa (EMV) standard beginning in 2015. EMV cards help foil counterfeit card fraud at the point of sale.

One security researcher says today’s numbers tell only part of the story. “The costs as disclosed by Target do not encompass the total financial impact that the breach had on Target as they do not include how the decline in consumer confidence has affected sales,” Alphonse R. Pascual, practice leader of fraud and security at Pleasanton, Calif.-based Javelin Strategy & Research, tells Digital Transactions News by email. “Our research has shown that one in four consumers breached at a large retailer are likely to avoid that business in the future, and Target’s earnings prove just that, despite the language they choose to use to explain them.”

Target, the No. 2 general retailer, also is reissuing its Redcard-branded credit and debit card portfolio to use MasterCard Inc.’s chip-and-PIN technology.