For Target and its customers, this is shaping up to be anything but the most wonderful time of the year.
The retailer confirmed Thursday that millions of customers who shopped in stores between Nov. 27 and Dec. 15, the peak shopping period of the year, may have had their credit or debit card information stolen. The news has all the elements of a retail holiday horror story, both for customers and for Target.
See also: How to Check If Hackers Stole Your Data in Massive Target Breach
"It's an awful time of year for this to come," said Sucharita Mulpuru, a retail analyst with Forrester. "Not only is everyone busy dealing with the holiday season, it's the one time of year where most people are shopping. It's a terrible thing to happen."
Yet as bad as the headlines may sound, it's unlikely the incident will have much of a longterm impact on Target's business. The chain is not the first retailer to experience a major security breach, and it certainly own't be the last. Barnes & Noble suffered a similar credit card breach last year at 63 of its stores across the United States. The previous year, a breach at Epsilon, a marketing firm, exposed some personal information for customers of more than 50 major retailers, including Best Buy, Walgreen's and even Target.
In 2007, TJX, the parent company of T.J. Maxx and Marshalls, revealed that 45 million credit and debit card numbers were stolen, only to up that estimate to nearly 100 million a few months later. That is more than double the 40 million accounts reportedly impacted at Target and likely the single largest retail security breach in U.S. history.
That's quite the doomsday scenario for a retailer. But TJX didn't go out of business; in fact, far from it. The company incurred costs of more than $250 million as a result of the security breach, which went toward covering lawsuits, investigations and improvements to its tech infrastructure. Although a significant amount of money, it's still a drop in the bucket compared to TJX's $18.6 billion in sales in the 2007 fiscal year, an increase of 7% from the previous year. The company's revenue has continued to grow since then and topped $25 billion in 2012.
Robert Siciliano, an identity theft analyst, expects that Target may go through a similar ordeal. His estimate, albeit a very general one, is that Target will incur costs "in excess of" $100 million to cover legal costs, possible fines, improved security measures and dealings with major credit card companies that may push for reimbursements. Just like with TJX, though, that would represent a drop in the bucket: Target reported sales of $73 billion in 2012.
The charges may not make a huge dent in Target's bottom line, but the security breach episode is likely to be an ongoing headache for the company for quite some time. "They've got a year's worth of legal issues in front of them," Siciliano said. "They will have to hash it out with banks and credit card companies. There could be fines. They could potentially have government officials after them." Indeed, the Secret Service has already said that it is looking into the situation.
As long as Target and the credit card companies are proactive in dealing with customer questions and work quickly to resolve any issues, analysts expect it will have little to no impact on customer shopping behavior.
"Everybody kind of expects companies to screw up sometimes," Mulpuru said. "But you can win that loyalty back."
Image: Joe Raedle/Getty