August 24, 2014

Target says last year's data breach cost $148M

Aug. 7, 2014 – The cost to Target of last year's data breach, which compromised millions of consumer debit and credit cards, reached $148 million in the second quarter, the company said in a security filing Tuesday.

The New York Times reported that the Target filing noted an expectation that earnings will drop 78 cents a share; that's down from its earlier projection of 85 cents to $1 a share. The company's statement said it will present additional details on its second-quarter performance and future expectations on Aug. 20. It also said about $38 million of these costs will be covered by insurance.

The 2013 data breach, which occurred from Nov. 27-Dec. 15, drew a strong response from NAFCU, which determined the event cost all card issuers, including credit unions, some $480 million in card replacement and other costs. NAFCU was the first financial trade association to call for a national data security standard for retailers in its wake.

Target has admitted missing warning signs of the breach, and NAFCU continues to push for action in Congress on a national data security standard for retailers and action addressing cybersecurity threats.

NAFCU, with 11 other financial trades, has also urged Senate leaders to act on S. 2588, the "Cybersecurity Information Sharing Act," which would encourage information-sharing on cyber-threats among the business community and the government while still ensuring privacy. The bill was reported out favorably last month by the Senate Select Committee on Intelligence, chaired by the bill's sponsor Sen. Dianne Feinstein, D-Calif.

The joint trades' letter was delivered to Senate Majority Leader Harry Reid, D-Nev., and Minority Leader Mitch McConnell, R-Ky., just prior to recess. Among others, the letter was also signed by the American Bankers Association, CUNA, the Financial Services Roundtable and the Independent Community Bankers of America.