Last-Minute Shoppers Avoid Target on Account of Security Breach


Talk about bad timing. Days after Target (NYSE:TGT) announced that data from as many as 40 million credit and debit cards were stolen from shoppers during a three week period in December, the retailer suffered reduced consumer traffic over the final weekend before the Christmas holiday, largely known as one of the busiest shopping weekends of the year. According to Reuters, transactions at Target fell 3 to 4 percent this past weekend compared to last year’s figures, while the company’s competitors maintained strong sales.

Last Thursday, the Minneapolis, Minnesota-based retailer was forced to alert customers of a large-scale security breach it suffered at all 1800 of its retail stores that now goes down as the second biggest of its kind, sitting only behind that suffered by TJX Cos Inc. (NYSE:TJX) in March 2007. While Krebs on Security, a security industry blog, leaked the news Wednesday night, Target confirmed it Thursday morning, and explained that the data theft took place over a 19-day period that stretched from November 27 to December 15, three of Target’s busiest shopping weeks of the year. It is still unclear how hackers got the card information — including customer names, payment card numbers, expiration dates, and their CVV security codes — but investigators believe the attackers involved in the crime employed software that can be installed on point-of-sales terminals used to swipe magnetic strips on payment cards, and the U.S. Secret Service is now on the case.

Despite the involvement of investigators, retail analysts still forecasted last week  that Target’s sales would suffer going forward, at least in the short term, and the weekend figures released by retail consultancy Customer Growth Partners LLC, Monday, supported those predictions. According to Reuters, the consultancy firm estimates that U.S. retail sales on Saturday totaled $17 billion, exceeding those on Black Friday by $2 billion, but the number of transactions at Target fell by 3 to 4 percent, and aren’t anticipated to make a comeback anytime soon. The president of the firm, Craig Johnson, maintained, “This is the worst possible time something like this could happen.”

The problem that Target still suffers is that although it “identified and resolved” its security issue on Thursday, suspending the shopper data free-for-all, the retailer still doesn’t know how it was hacked, and likely won’t release information explaining the specifics behind the security breach until until the retailer is confident it can’t happen again. Sounds reasonable, but considering the attack affected all of Target’s 1,800 stores, the investigation could take a while, and Brian Sozzi, CEO of Belus Capital Advisors, explained to Reuters Thursday, “While this search for the truth is happening, the issue damages the trust Target have gained in mobile and calls into question how sales trend in January.”

In his forecast, Sozzi highlights sales trends in January, but this most recent sales estimate provided by Customer Growth Partners evidences that Target is already suffering the consequences of its security breach in December. The holiday shopping season is largely known as the most lucrative time of year for retailers, accounting for as much as 40 percent of sales, but Target is now not enjoying as much success as it initially anticipated, and if the retailer continues to welcome only light traffic into its stores in the final days leading up to the Christmas holiday, its sales slip could seriously impact its next earnings release.

Nonetheless, all Target can do now is meticulously keep up with investigators on the case, and hope to convince shoppers that such a large-scale security breach will never happen again. The retailer’s competitors will also need to learn from Target’s calamity, as now they have to ensure they don’t suffer the same fate, and convince their shoppers of their security — but as Target’s problem elucidates all too well, nothing is ever completely safe.

More From Wall St. Cheat Sheet: