US RETAILER Target has finally counted up the cost of the data hack that affected millions of its customers, and concluded that it is out of pocket to the tune of $162m.
The Target hack was a big one. The firm revealed the breach in December 2013, and gradually released more details about how many people were affected and how much of their personal information was plundered.
Target has offered free credit monitoring services to affected customers, who are referred to as 'guests' for some reason, and apologised for what they had to endure.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue so guests can shop with confidence. We regret any inconvenience this may cause," said Target chairman, CEO and president Gregg Steinhafel at the time.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this."
Now, at the end of the financial year, the firm has replaced Steinhafel and the CIO, and has revealed the financial cost so far. It is not insignificant.
The Target financial statements suggest that the total is $162m. It described this as breach-related expenses, quoting larger numbers before adding that some of the cost is reduced through insurance.
"Target experienced a data breach in which an intruder gained unauthorised access to its network and stole certain payment card and other guest information," the firm explained.
"The company incurred breach-related expenses of $4m in fourth quarter 2014 and full-year net expense of $145m, which reflects $191m of gross expense partially offset by the recognition of a $46m insurance receivable.
"Fourth quarter and full-year 2013 net expense related to the data breach was $17m, reflecting $61m of gross expense partially offset by the recognition of a $44m insurance receivable."
It's a big hit for the firm, and will have been of big concern to customers. Losses so far do not take into account the inevitable lawsuits that will follow, and commentators are low on sympathy for the plundered hardware store.
"Invest now or pay later. This is the message from one of the largest data breaches reported to date," said Steve Hultquist, chief evangelist at security analytics firm RedSeal.
"Consider the return for even a very significant investment in proactive security analytics and process improvements that could have blocked the breach before it even started.
"The lesson for other organisations is clear: you are under attack. Making strategic investments now is a wise preventative measure to keep your organisation and your customers safe."
Eric Chiu, president and co-founder of cloud management firm HyTrust, warned that Target could find itself losing a heck of a lot more money.
"The $162m spent so far by Target is just a drop in the bucket given the class action lawsuits by consumers as well as the recent court ruling that banks can go after Target to recoup their losses," he said.
"When all is said and done, the cost of the breach could reach over $1bn. That should serve as strong evidence that companies need to make security a top priority, especially around insider threats, which is how most breaches are happening today."
Target posted revenues of $21.8bn. µ
Buy shares in VPNs now
Yes, even the one your wrote while you were steaming drunk
Tens of people inconvenienced