Subject: Target (TGT 1.03%)Action on Security Software Picking Up Suspicious Activity: None
Legal Actions Pending: Potentially Dozens
Estimated Damage: Unknown
Image: Poor
Does this sound like the kind of company you should consider investing in? Of course not. But while now isn't likely to be the best time to get involved, Target is still a company that you might want to keep an eye on.
What happened?
As we all know by now, Target reported its data breach on Dec. 19, 2013, despite the breach having begun on Nov. 27, 2013.
It has recently been revealed that on Nov. 30, Target's security team was notified of malicious software appearing in its network. The security team's response: It looked like a threat that didn't warrant further attention. Here's the simple version: The Target security team failed.
The security team's justification is that these types of threats come through the system all the time. However, Target failed where many other major retailers have not. Even if threats come through the system all the time, it's the security teams that follow through on each threat that save their company money.
Not unexpectedly, Chief Information Officer Beth Jacob has resigned from her Target position. A new CIO is expected to be hired soon. On top of that, the security and technology divisions will undergo an overhaul.
In addition to personnel changes, Target has invested $100 million in cybersecurity.
These moves, combined with past events, make it likely that Target will one day be one of the safest shopping destinations in terms of cybersecurity. That said, it might take a while for Target to reestablish its image and earn that reputation. Consider some recent numbers.
Down, down, down
Target's fourth-quarter revenue slid 5.3% year over year, with comps declining 2.5%. Profit declined a massive 46%.
These are all poor numbers, but if you look at the long-term picture, Target offers more than just technological improvements. Target still fills a void -- it attracts the middle- to high-end consumer looking for discounts in a clean and comfortable atmosphere.
Target's stores are strategically located in middle- to high-income areas, which much of its key market, Generation X, calls home. Generation X might not be as large as the millennial generation, but it has more buying power. And while many of these consumers are tech-savvy, it's not often to the same extent as millennials. While many millennials have no problem shopping exclusively online, Generation Xers grew up shopping in brick-and-mortar stores, so they're more likely to continue shopping that way since it's a habit formed earlier in life. While Target is building an online presence, it's a positive that its target market still prefers to shop in the person.
Other data breaches
Not many people are aware of this, but according to a 2009 Wired article, Wal-Mart Stores (WMT 0.46%) suffered data breaches in 2005 and 2006.
The first attack, in 2005, went after the development team in charge of the point-of-sale system. According to the article, Wal-Mart confirmed this to be accurate. Wal-Mart referred to the event as an internal issue since no sensitive consumer data was stolen.
In 2006, Wal-Mart began encrypting credit card numbers and customer information. In November 2006, it discovered a password-cracking attempt out of Belarus. However, Wal-Mart managed to thwart all threats and never had to deal with the PR nightmare Target is facing now. Despite so much hatred for Wal-Mart, this likely indicates a strong security team at Wal-Mart, and potentially stronger upper management overall. It all starts at the top.
Fortunately for Target, another past example gives the company a lot of hope. In 2006, TJX Companies (TJX 0.76%) suffered a data breach that affected approximately 100 million credit and debit cards. It also ended up costing the company $256 million -- 10 times more than expected.
TJX Companies took the long-term approach, paying off all costs associated with the breach right away, sacrificing short-term results. TJX Companies remained focused on long-term relationships with its customers above all else, and this proved to be highly effective. Consider the company's performance on the top and bottom lines since that time:
TJX Revenue (TTM) data by YCharts.
Target is attempting to take a similar approach. The dilemma is that this is bigger public news than the TJX Companies data breach, and the estimated damage is unknown.
The Foolish bottom line
Target is still swimming upstream. With the total data breach costs unknown, customers losing trust in the brand, and financial results poor, Target should still require more time to get back on its feet. That said, given Target's long-term approach to dealing with this problem, the company should eventually bounce back.
