Will Target's Data Breach Nightmare Ever End?

Subject: Target (NYSE: TGT  ) Action on Security Software Picking Up Suspicious Activity: None
Legal Actions Pending: Potentially Dozens
Estimated Damage: Unknown
Image: Poor

Does this sound like the kind of company you should consider investing in? Of course not. But while now isn't likely to be the best time to get involved, Target is still a company that you might want to keep an eye on.

What happened?
As we all know by now, Target reported its data breach on Dec. 19, 2013, despite the breach having begun on Nov. 27, 2013.

It has recently been revealed that on Nov. 30, Target's security team was notified of malicious software appearing in its network. The security team's response: It looked like a threat that didn't warrant further attention. Here's the simple version: The Target security team failed.

The security team's justification is that these types of threats come through the system all the time. However, Target failed where many other major retailers have not. Even if threats come through the system all the time, it's the security teams that follow through on each threat that save their company money.

Not unexpectedly, Chief Information Officer Beth Jacob has resigned from her Target position. A new CIO is expected to be hired soon. On top of that, the security and technology divisions will undergo an overhaul.

In addition to personnel changes, Target has invested $100 million in cybersecurity.

These moves, combined with past events, make it likely that Target will one day be one of the safest shopping destinations in terms of cybersecurity. That said, it might take a while for Target to reestablish its image and earn that reputation. Consider some recent numbers.

Down, down, down
Target's fourth-quarter revenue slid 5.3% year over year, with comps declining 2.5%. Profit declined a massive 46%.

These are all poor numbers, but if you look at the long-term picture, Target offers more than just technological improvements. Target still fills a void -- it attracts the middle- to high-end consumer looking for discounts in a clean and comfortable atmosphere.

Target's stores are strategically located in middle- to high-income areas, which much of its key market, Generation X, calls home. Generation X might not be as large as the millennial generation, but it has more buying power. And while many of these consumers are tech-savvy, it's not often to the same extent as millennials. While many millennials have no problem shopping exclusively online, Generation Xers grew up shopping in brick-and-mortar stores, so they're more likely to continue shopping that way since it's a habit formed earlier in life. While Target is building an online presence, it's a positive that its target market still prefers to shop in the person.

Other data breaches
Not many people are aware of this, but according to a 2009 Wired article, Wal-Mart Stores (NYSE: WMT  ) suffered data breaches in 2005 and 2006.

The first attack, in 2005, went after the development team in charge of the point-of-sale system. According to the article, Wal-Mart confirmed this to be accurate. Wal-Mart referred to the event as an internal issue since no sensitive consumer data was stolen.

In 2006, Wal-Mart began encrypting credit card numbers and customer information. In November 2006, it discovered a password-cracking attempt out of Belarus. However, Wal-Mart managed to thwart all threats and never had to deal with the PR nightmare Target is facing now. Despite so much hatred for Wal-Mart, this likely indicates a strong security team at Wal-Mart, and potentially stronger upper management overall. It all starts at the top.

Fortunately for Target, another past example gives the company a lot of hope. In 2006, TJX Companies (NYSE: TJX  ) suffered a data breach that affected approximately 100 million credit and debit cards. It also ended up costing the company $256 million -- 10 times more than expected.

TJX Companies took the long-term approach, paying off all costs associated with the breach right away, sacrificing short-term results. TJX Companies remained focused on long-term relationships with its customers above all else, and this proved to be highly effective. Consider the company's performance on the top and bottom lines since that time:

TJX Revenue (TTM) Chart

TJX Revenue (TTM) data by YCharts.

Target is attempting to take a similar approach. The dilemma is that this is bigger public news than the TJX Companies data breach, and the estimated damage is unknown.

The Foolish bottom line
Target is still swimming upstream. With the total data breach costs unknown, customers losing trust in the brand, and financial results poor, Target should still require more time to get back on its feet. That said, given Target's long-term approach to dealing with this problem, the company should eventually bounce back. 

Where to turn for massive long-term potential in retail
To learn about two retailers with especially good prospects, take a look at The Motley Fool's special free report: "The Death of Wal-Mart: The Real Cash Kings Changing the Face of Retail." In it, you'll see how these two cash kings are able to consistently outperform and how they're planning to ride the waves of retail's changing tide. You can access it by clicking here.


Read/Post Comments (1) | Recommend This Article (0)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On March 22, 2014, at 12:44 PM, UlfMattsson wrote:

    I agree that “The security team's justification is that these types of threats come through the system all the time. However, Target failed where many other major retailers have not. Even if threats come through the system all the time, it's the security teams that follow through on each threat that save their company money”, but no number of traps, bars, or alarms will keep out the determined thief.

    We need to protect the data itself since monitoring is not helping us according to the Verizon 2013 Data-breach-investigations-report, reporting that only 13% of breaches are detected by internal tools.

    I read about retailers that are using best practices in an interesting report from the Aberdeen Group. The report revealed that “Over the last 12 months, data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users”.

    I think that the Aberdeen approach can quickly address some of the urgent issues, while we start working to fix the other problems. The name of the study, released a few months ago, is “Tokenization Gets Traction”.

    Ulf Mattsson, CTO Protegrity

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 2880762, ~/Articles/ArticleHandler.aspx, 9/18/2014 1:57:56 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement