Target said $191m of gross expense in 2014 was partially offset by the recognition of a $46m insurance receivable, while the 2013 net expense related to the data breach was $17m.
However, more expenses could be on their way after a judge gave financial institutions the go-ahead in December 2014 to proceed with their lawsuit against Target over losses associated with the attack.
A class action lawsuit alleging Target customers were harmed by the breach that made their personal information vulnerable was reportedly also given the go-ahead in January 2015.
Up to 70 million Target customers may have been affected by the data breach that was followed by the resignation of the retailer’s CIO and CEO in quick succession.
The attackers are believed to have stolen records that included the name, address, email address and phone number of customers and the details of 40 million credit and debit cards.
Up to three million of the payment card details are believed to have been sold on the black market and used for fraud before issuing banks cancelled the rest.
“Considering the pending legal action, the cost of the breach could reach over $1bn,” said president and co-founder of cloud control firm HyTrust, Eric Chiu.
“That should serve as strong evidence that companies need to make security a top priority – especially around insider threats, which is how most breaches are happening today.”
Spear phishing attacks were recently identified as the key initial step in what has been described as the most daring cyber heist to date, believed to have netted up to $1bn.
Steve Hultquist, chief evangelist at security firm RedSeal, said even a significant investment in proactive security analytics and process improvements would have given a good return on investment for Target.
“Invest now or pay later – this is the message from the Target breach. Making strategic investments now is a wise preventative measure to keep your organisation and your customers safe,” he said.
In a financial results forecast for the fourth quarter of 2014, Sony said it expected the investigation and remediation costs of the devastating November 2014 cyber attack on its movie subsidiary to be $15m.
But, as with the Target figure, commentators have said the final cost is likely to be a lot higher, without taking into account fines, legal costs and damage to the company’s reputation.
Home Depot, another US retailer recently hit by hackers, has announced that it incurred a pre-tax net expense of $33m in 2014.
However, the company said that, other than the breach-related costs contained in Home Depot’s fiscal 2014 earnings, it is not yet able to estimate the costs, or a range of costs, related to the breach.