October 19, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

October 17, 2019

Subscribe to Latest Legal News and Analysis

October 16, 2019

Subscribe to Latest Legal News and Analysis

Target Data Breach Price Tag: $252 Million and Counting

In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results, Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million.  Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target’s 2014 operating results.  The expenses incurred in 2014 were in addition to $61 million in breach-related expenses incurred in 2013 which, after receipt of $44 million in insurance proceeds, yielded $17 million in net breach-related expenses for Target in 2013.  In all, Target has incurred $252 million in costs arising from the data breach through the end of 2014 which, after receipt of $90 million in insurance proceeds, has resulted in total net expenses to Target in 2013 and 2014 of about $162 million.

Those expense figures will continue to mount over the course of 2015 as Target continues to deal with ongoing litigation and regulatory fallout from the 2013 data breach.  The enormous costs that Target has already incurred should serve as a stark warning of the financial consequences of a data breach.  While we have previously observed in this space that private litigants have had scant success proving or recovering damages in data breach cases, civil money damages are but one potential cost that may arise from a data breach.  Other costs include investigating the breach, repairing compromised systems, compliance with breach notification requirements, providing credit monitoring services for affected customers, and legal fees associated with responding to lawsuits and regulatory actions arising from the breach.  Not quantified as expenses, but also harmful to financial returns are potential reputational harm to the business and resulting lost sales that could dampen the company’s top line.  Even if courts continue to reject private civil money damages claims, businesses should consider data security to be a significant risk factor with potential to result in a materially adverse impact to the financial performance of the corporation.

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Kevin McGinty, Corporate, Class Action, Attorney, Mintz Levin, Law Firm

Kevin concentrates in complex corporate and class action litigation. He chairs the firm's Class Action Working Group and has extensive experience defending consumer, antitrust, unfair trade practice, contract, mass tort, and employment class actions.

He has also represented corporations, professionals, and individuals in business acquisition disputes. Kevin’s clients have included health care–related entities (including pharmacies, PBMs, and managed care organizations), insurers (including life, auto, and casualty companies), retailers, manufacturers, and accounting firms. Several...