Cost of 2013 Target Data Breach Nears $300 Million
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5, rated)

Cost of 2013 Target Data Breach Nears $300 Million

With Latest Settlement, the Cost of the 2013 Target Data Breach Nears $300 Million

In 2013, a week before Christmas, Target suffered a now infamous data breach that resulted in 40 million credit and debit cards being compromised. The timing couldn’t have been worse. The 2013 Target data breach was a massive red flag for millions of US shoppers buying gifts and holiday supplies.

But within the security industry, we know that mishandling user data usually only comes with short term consequences.

Target’s sales and stock took a temporary dip – but before the year was over they recovered. So what did it cost them to lose 40 million credit cards?

This week Target paid a combined $18.5 million dollars to settle investigations led by 47 different state governments. New York Attorney General Eric Schneiderman said it represents the “largest multistate accord ever reached over a data breach.”

This is the latest lawsuit Target has settled related to the data breach and shows just how long it can take to move on from such a high profile incident.

Here is a list of settlements made as a result of the 2013 Target data breach:

All those settlements total $153.9 million dollars.

On top of that there are Target’s own legal fees, the cost of providing credit report monitoring to millions of customers, and other costs associated with the breach (which Target’s decided not to elaborate on in their financials).

In Target’s 2016 annual financial report they reported that the total cost of the breach was:

$292 million dollars

A cyber-insurance policy helped Target cover some of the costs. After the insurance company kicked in, Target’s net loss was $202 million. The breach also cost the CEO his job.

A statement from Target said that the value of this week’s $18.5 million dollar settlement is “already reflected in the data breach liability reserves that Target has previously recognized and disclosed.”

In their 2013 annual report, Target wrote “we experienced weaker than expected U.S. Segment sales immediately following the announcement of the Data Breach, and we are currently facing more than 80 civil lawsuits.”

But in the next year’s report it was noted that “the [breach] will not have a long-term impact to our relationship with our guests,” and that it is an example of an incident that only affected their sales for a “period of time.”

While Target themselves said they incurred “significant expenses related to the data breach,” with annual profits of more than 3 billion, it’s hard to say if it truly had a lasting impact.