The massive theft of Target Corp. customer data contributed to a huge drop in fourth-quarter profit as the retailer scrambled to win back the trust of consumers and shore up its hobbled payments system.
The Minneapolis-based chain reported that profit was nearly halved from a year earlier to $520 million and revenue slid 5% to $21.5 billion. Target also racked up $61 million in expenses related to the hack, though it expects all but $17 million of that to be covered by insurance.
Criminals stole payment card data, addresses and other information at the height of the holiday shopping season, affecting as many as 110 million customers. The heist is considered to be one of the worst retail cyber-swindles in history, and served as a painful reminder for the industry to be more vigilant.
Hard evidence of the damage from a security breach probably will compel Target's competitors to shape up their defenses in a hurry.
"There's going to be so much pressure — from the government, the banks, the credit card processors — that everyone has to get on board at this point," said Edward Jones analyst Brian Yarbrough. "Retailers can't risk sitting idle and getting hacked themselves."
Target enjoyed "better than expected" sales during the first half of the Christmas quarter, which ended Feb. 1, Chief Executive Gregg Steinhafel said in a statement. The holiday period accounts for 20% to 40% of retailers' sales for the year, according to most estimates.
But "results softened meaningfully" after the retailer announced the data breach just before one of the busiest shopping weekends of the year, he said. Same-store sales, a measure that strips out volatility by including only stores open more than a year, fell 2.5%, its second quarterly decline in 17 quarters.
Target offered shoppers a 10% discount on purchases one weekend soon after confirming the breach and also sent executives to apologize before Congress.
The breach "may have a material adverse effect on future earnings," according to Target, though the company indicated that it is "unable to estimate future expenses" related to the hack. The retailer may have to address claims made by payment card networks dealing with counterfeit cards and fraudulent charges along with civil litigation from customers and banks.
The company continues to conduct what it calls "an end-to-end forensic investigation."
The security hole "really took the wind out of Target's sails — and unfortunately sales," wrote Sandy Skrovan, U.S. research director at Planet Retail, in a note to clients. "The immediate consequence was a loss of shopper trust — and at a time when Target had already been struggling to lure shoppers through the doors."
Even before the breach, Target was facing a tough holiday season. Its expansion into Canada last year — the chain's first international effort — was met with only mild interest. Retailers also endured a bitter cold winter that kept shoppers indoors.
Target's woes, along with similar hacks since at Neiman Marcus and Michaels, have already compelled many in the industry to push for stronger security measures. The National Retail Federation is calling for widespread adoption of credit cards that employ a double layer of protection in the form of PINs and embedded, encrypted chips.
"We believe that recent events will help the industry to reach a tipping point toward accelerated adoption in the U.S., and we are investing to ensure that Target is a clear leader in driving this change," Steinhafel said during a conference call with analysts.
Target said it is speeding up implementation of chip-enabled technology, spending more than $100 million to issue smart cards and prepare terminals in stores. The company also said it is investing $5 million into a new coalition with the Better Business Bureau and cybersecurity groups to raise awareness about consumer scams.
JPMorgan Chase & Co. said Wednesday that it would issue such cards.
Wall Street had expected Target to turn in a much more dismal performance. Shares of the company rose 7%, or $3.98, to $60.49 a share Wednesday.