Enterprise Applications - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Enterprise Applications


The Meaning Of TJXs $168 Million Data Breach Cost



 By: Evan Schuman
2007-08-15
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Enterprise Applications story.


  Table of Contents:
  1. The Meaning Of TJXs $168 Million Data Breach Cost
  2. ' The Meaning Of TJXs '

Rate This Article:
Poor Best
The Meaning Of TJXs $168 Million Data Breach Cost
( Page 1 of 2 )

Updated: News Analysis: Is TJX's possible $168 million hit for its data breach anything more than a cost of doing business?

With all the numbers that TJX Companies issued in its Aug. 14 earnings statement, the one that has generated the most attention was an estimated $168 million hit associated with the data breach announced in January, which saw consumer information from an estimated 46 million debit and credit cards walk out the door.

The numbers were sliced and diced many ways. About $118 million in after-tax costs taken in the most recent quarter alone, plus $21 million projected as a possible hit for next year on top of $29 million already reported in prior quarters. The Boston Globe quoted a TJX official saying that the $118 million quarterly after-tax figure was about $196 million pretax and that the $21 million for next year was about $35 million pretax. A chart issued by TJX gives a six-month data breach cost of $215.9 million, without explanation.

But a closer look at those numbers suggests both a more dire and a more optimistic perspective.

First, the optimistic side. TJX officials did not, in fact, say that they actually have spent—or necessarily will spend—anything more than a tiny fraction of those dollars. The overwhelmingly largest charge—a $107 million after-tax figure for the chains second 2008 fiscal quarter—was merely a "reserve," a nest egg for what TJX fears its costs may be. Theoretically, its costs might be much lower.

Resource Library:
Read more here about the lawsuit filed against TJX in response to the data breach.

Continuing on the optimistic side, those costs are not causing severe financial strain on the $17 billion retail giant, especially given that its revenue is still soaring, meaning that consumers have strongly embraced TJX and are presumably not being impacted by the breach. For the six months ending July 28, the Framingham, Mass., chain reported $8.4 billion in revenue, an almost 8 percent increase from the $7.8 billion it reported for the prior years identical quarter.

Are these figures merely the cost of doing business and an acceptable cost at that? To get a sense of that, its important to drill down into what these numbers truly represent.

TJXs official word on its cash reserve need is that it represents TJXs "estimation of probable losses, in accordance with generally accepted accounting principles, based on the information available to the Company as of August 14, 2007, and includes an estimation of total, potential cash liabilities from pending litigation, proceedings, investigations and other claims as well as legal and other costs and expenses, arising from the intrusion."

Given the cost of updating security systems for a chain this large as well as legal fees for merely dealing with the many civil lawsuits that arose from the breachs disclosure, those are not particularly large figures. Indeed, its hard to argue that the estimates assume TJX will face relatively small jury awards, assuming any of this litigation ever gets to a jury.

What does all this mean for retailers trying to decide the cost of being breached? On the plus side, TJX officials think they will do well in most—if not all—of their litigation defenses, including costs to be associated with an expected settlement with dozens of state attorney generals.

On the negative side, thats quite a high price tag for a company that may ultimately be proven to have done no wrong. Please note the emphasis on "proven," to avoid angry e-mails from readers who confuse whats provably wrong with what is actually wrong. Provably wrong involves what damages can be proven at trial and can be reasonably blamed on TJX. Will juries and judges view TJX as a victim of brilliant cyber thieves or as a massive company that cut corners and was reckless with consumer private information? TJX seems to be betting on the former.

Page 2: The Meaning Of TJXs $168 Million Data Breach Cost





  Reader Comments: The Meaning Of TJXs $168 Million Data Breach Cost
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Enterprise Applications Articles          >>> More By Evan Schuman
 


x}r㶲s\@♵M=ҔlcؖgRJEĘ"Hʶ~b:?qtMZe29{&-`n4wAȹ=!1(ٟ9#ޙ'w>{(ˑԫQ]}nw2'v=7v@\~}@^cFwD%x_'Щ=ѩ€wɔiPلި/3}B}F7\3Ѣmgb^P$ȁ_ ¢%yHCGu)pC(DsXqDǎH;*C'x8ӽi/DeO‡^b&{Bq<5;^7;0k|Ba5w0vK]K_nCUVekV6^;s9ȹ3z$nPr&N7w#205ARZ"[XdTZ ӡc)u8r `p)jXtGL: nK>1P:x =3~bA2xfdQӸ/*! lpa+PۀyyN .tvl,r~ƷPNAGchGPu#o8sF94G푦J5(GJ\S#x>oچs[=0q*sș7?;Wʪ)Jw9ʑCKo -%u`(.:'^O.ac'H H7&LT)Jj\(͒LCa:b= uz P%opKX+hvd(-bv=ӧ0Cƌ_8RCf9-Ҿ췯;6OΎ;Sdo̲5<JEӀ Zvf#?ޙ#W7ke{#kjꜴ{ GlH  Wh6 N/f O{uHYz>5409;RZIj=2IULxy$Y)r"/ !}O}nr2GrI/o"$cM|Ap6 2Tc]vjo__ VYKS703_]=w a4z@Lu&:h)5?&`Mab&DJH7єye $}ВEtBAͨ8 .)J!"xN3ˌE !\J!=! g|8Jn.r?G_5 .΃awʪ9QY ++\M޲G\zcOfuEzW^?]{6LqJjpX.B2iKB0qjۛZ\MfzTb(7Z`Lm,5,Ltϭ y0`hvz?3Ϩagnۉ9~t$AG66^lzK $ ,70}HOQI4wX8=cOv/|\aPn=D5i-DCw 0Ie&3 yG νdrgo͠~(wMnP>X^0 jp.HpyY?9d} wA,߃9#z[MKx GRP|'sZ( 7^b{""D% T h4AǰEENA7;.VKŤ\*y"Jm':Ν3PKRx&,S,BV-KᗄPf%i2m8-&D7r"e.G 7Kᙖ6FlY,*GV+WMz92a @ == 3ܴ ҄%Ll;i`0Ґ(e`9ޟx=~ h? OzuG VV̚s=R.ƃ5‚L;ilQ̴a85GS9_Aa" eBC`9N{S^kȓ:L:%\w;ıa漇d:N'p6?>{@OM\n|8$/4<3_O#k[}7M߄V 9uC \D r}͚X 4ؐ|&B77cn^ښtɕu.F(hJ~)dz~#Jݸ^`3h{q#%IAg=U檳@d:[6[K7˦EI8Jʰ.Z*Ui -a70Ԣ(P|M$"!tsaͰ,C /0 < ıLBYaT88l];( 2q͝a&9~ >AS-cfDL3$!OT_'E)'x>5 dh*O|INt@F ‘"=yjm s}!T0|" VD0pl)5tl*FuIx-!/?ˇI%"tX2=:{>Q7Ϗ9(gdW%d)>'HR-ʪZJ~~{ ߥ#q'|}1/N7l40zpY ~L}6݁ /r/,|tqZEL[vO`(0v *5TJR_!<,`P.Q9Ufj(87~Ɋh3 خ crAmhv~9N(k589'& B1&GJFg%:!pwC*2#Xݚ `1}j$a!L`f0%+ #m6qJs8-"uW:gKjZSZ+::>j瞏+ӥ ,ć]5}-tq]U*jAe߯yUb^ څHB:GdH#`Zv*6GwԪ6 h)6YS!RW dĞeeK3edjC鳨'8MG9Fi$]|;P rfVȍZtNd_&>ϣɘVJ`f038ʃϣ epvN{79,3?t\쫵R :_=Fp=Эt;vʭ_LWE}kPgw(*Kq3`93"豥mBt`#jZ,lγ>AqHlwBO ~'a%JI) `zVDZ)~HǞ1}]>th֏'*z)TʜYEo(QU-q'F.҄^Ks98$D"$MU"[ qe l&SbR/փ `AQ`"U!TQ>O7(~ (zC9km{~>sPU]|T&#UX)TԒP?YTAteU1n?mVPVW`Zd&s\%\{si0o)Q󩋗r3["X.DД7Ϩ3Rb  kQh#e[,;oF"$ _9 ys)}=^xGsٖWs=ADH·C䄬W!yNFSLo2XGZ[?ֈ4FD!B*.V3 N/Ns>֒\zF_ɾj,8Aϐa6(FGhNٮ{k^GWX* 5 ̀o $*`AQ1 kNG:HvZgp=6" BtX 1te}E/S)Q\(OYY}ҽnr3Klo}AǯJN^vZ-[N7S+t,c?]ѯ8ʆ=?UNju>!4|㿜yQG$ !r"a]Zin} zsHaP;DZ3pu*h hw-gSsS)dAGJ脊aye5))eL5NRMLC]OC/%$;B:z{ gaM.m2jt.>6D20&@v\e0Ӑ`q4É@P V QגZ4ҫoeW!9 \lj9l0 Zta^CrWkb~]ȩZU$}ݝf0أ^Y]s>ͥ0i8;=?P.zsgOɍ2sXs\ ZpFl+ҿDžܳbpfi#%>iפyja~%X@RoBwGH|9~ÿ§  ;s]g伉q+^QW{2.}_?H/K턟ݖycP!OKSϑ%٘&BEWU-u+ln(jYpJeOVr{ld+N$c,nP2vA Js{Q[qec?oW{U<㛟tϯ3i8%~WJ]i}D)]K5"v%ًKqyeYjȓGDK`!i>R{k!bi4V3XT=}v[fv?sL:>dO#@/-vx1tY A'AXy !Vorl8w@rs&8<O$[euw+[S'gSc;/HF#%g&ySϱmG @|Ր ;as*|b \<U&[qVL|}rx|[qzLV_NLRG:|QmW'1/c:Üq %]%g60|K}gؠjB{ L@- rF-6|p4uYDʢx?SEaأweZN4c}VcAAoI wR[JgY,Kɒ+voWH\JCyc"%[Rro0bV3M^QǼ7&rcKn‹/a]zGNK =5aF&G_- ړ8b67$q(hhXyo \A<,7o;= d|F $ /zP⋧RMUR[H}g7#vƾvQU8/Ee$Lˎ@j 0Hp $BN[d-Qml_5RY'{$cZstMq`l?1P$%@jI}];!Bwc7v[*UD=*KI%f7,.MMfZG F$@$n&mO\.wb]ږ*/.v n@5~U"&zq=3b  ۵aP. !`ء򮳜&)Mò"8V<g<$gx˗C8DID "߁Fg[۹(ڟkL>\ J=Bg%i_>+D װ #`AP2'Qޘ돓2}D$lNGAe$\gR"`J] l9(0c>͊>H-K:7Kx Ϝ|E7|0Qp >h%ϙ5{`XǍ*IG "hVrҕ?™L0B$yKjJߒ^WP:}*ZMI͡3ԟ’mlv5|WcNa' ߺ΍n/^f);u"d ,/}"'_<c֍n /dL D\=:h̀U"^! 1.auJuu]7$y'6p۳Lbu A͓a7ۛpil*PԨN@ʫ]Ӑ4&B&9cLU<|MIjɘGH?i_ڧqH"fW~`Q2 tm8qc_nuvX6rq4J`e X2Jg^7u\6o9"7[cEnicˊiHX$>JO0XHxiԺGE'TMkk覕0MUrXPiǑ}c5^ߟ5C>+ tN|c'x kp]'527´&Ar UcuTJZ ɑ;v)IXz;f[֟rSDR|7 ]ȿ2+9rO|k vY'0|{mYo\Mk3$A-[of6௶eul>/r=uaYmZۈYޣ3玮de{URZZN n,iw>qGzl^Jif#e։ IV$2"*Θh֖\3P2EaD+op+A$qp}~I˼ XwMZNړ䭴iİO:Dh{8R[xz1LC1P1C$k3}9lCtt{Qyyũ߳yxH^(Z@ln5g+hJ"s/ ?5myӐtr'u[hbRW~"E|?E* O2 y2fSxh vfa:6M]<*z@~㜦*9sqhGʤ¤t'O|D2~(^Bx8n ţK{{[=ݸ$"=`v{"bTQ]kN9-0M /*n?̗GX*t+eqk Pb!M4#|.IAwP^я TeQO^t]E `f%0-gcWF%5z J 0 CX^qcT3&]4cu\]SS[íZï[+W#rd! `,%7vyak`8(ĒAGCm/-Iyo[+6qN"F dѴB.sI oc*JM]/OQ/K]ZX:~eL<^^AFS3 i"r\IoA$TGP.RMh9^HQ5rWqbfģ Zkah;Xycj=!vc` CK.қ≠D37:Us۷V"7n@GS)mQNa݁DXoDoϰc@V`m 4,\ ?\πTnA4`}"#lR%26ЭZߑVPJj\=rC=-cR&F:<}Q-DR!&҃,(|Al9 c;ZV]Mj;dv3%i4X>&2A0޻K{IV^@96Yln֤Eg+vl"톮knnBzTB}F}gzL?bu{ι\`{aX ˴xfVؖTm}qV.NS)q2.șn붩`ES܂Dsq߷~mXW"Yc6يj`OOc|Σ2!K,YJDCS "PV: 1n Q&@Ĕv7UI,Z/x ` 3 u|`EP00apLoA~2?u:RϾ+%~6t0^Q1e&}R%nNK b$P!%h$bcx=9`1@2dzwȗ>0(-ŌCZQJФ*t!dW`ǪZJ[Wt'xS5n?wF.4W )WPx s#cvFCd$͈ɵ?XF39^&9nIqst/q{G5} \MGݩ;es5NMM`+^E" >"@ \_^dE^f ?eAYF?P~Q{1 ?s w1~]7]? /WWq_e s?=eg_(esG௏ ?e~2A(*h&࿛ Ku1Ay3CΚWpz~;"9(/R*zUKӌg賲+F7_˰ʠsk32Я!ednleڹ:鶒 aqʍz^S_xڞ馵pۭ]hq_l ^c/K^浽I<$xEq\+gل@CX{#uO'NW4CﹺKd^ WsU}ӉzZ>Ś/JYy<q sbžȾ1[QǒGl]#=D~s$z[ 09N~̬(1(G.v8`Fn_x` ~iMnڧnO\Fpyk;ُϋGkwյƚ ~3/߆zH'<+?u>xP[ԙqPޢD)Fyk@Mgiq/ipxx8" 2H 2s{B|%؄Z{JfBZI<&w~łߜ)#,|H𵝦n犱LZԝ:6Zd9\A-& >+`'>AՋpO`wBybh :BQF{&A}FV垓$gg_7b Fy&b3@p+4w^|7(6؆|%O' ϻIߙkR6N>Lc? `nwjں=Pŗ;wa3F)f'NFp)hN̂;OulÝg8G P⁜0ћsx_-G$zlz_Odxƪ~axh=&= d M(IS`"r:Y W96p--  `zmeFiV9DR*,&f , ~sf㿶 (G 9Buz Ϸ;<v7sCk_2qaN`H؂{XiWe1JpC)tO˰ANt3Bk׀5V`=2H] qSg.(ZF#,Wc-ҭ<P0@~c.vz]nFQMF.D]hT[)**S6 /ߵS3LTUSW$;Ѝ iO1igNb cgb@x=f_qxN|,Xu!}őYX&7I /O C7Ѱ0K{,luEG%RXRNCa 0A :p 19.OxI1%h3l䣈mAb?ŕc),]S|۽wߺ"f/On6%c|NKIk^ͦG(ϗ wE&l)vsml-6C-{>*