PCI - the costs of non-compliance….more than just fines.

August 17th, 2007 Drazen Drazic Posted in Bad Stuff, PCI, PCI DSS, Vulnerability Management, Web Application Security, cyber crime

This recent story from Information Week tracks the TJX saga: The TJX Effect. Well worth a read for all organisations - not just those required to be compliant under the PCI DSS program.

This story is far from done, and it further highlights the implications of non-compliance with good practices and PCI DSS, as also covered in:

http://beastorbuddha.com/2007/06/27/implications-of-non-compliance-with-pci-dss/

One Response to “PCI - the costs of non-compliance….more than just fines.”

  1. http://www.forbes.com/markets/2007/08/14/tjx-retail-update-markets-equity-cx_jl_0814markets31.html

    By Joshua Lipton
    Forbes.com
    08.14.07

    TJX has learned the hard way that hackers can cause damage to both a company’s sense of security and its balance sheet.

    TJX, which operates discount stores like T.J. Maxx and Marshalls, told traders Tuesday morning that its profit was severely undercut as it absorbed a $118 million charge that resulted from a dramatic breach of customer data.

    For the second-quarter ended July 28, the company said its net income fell 57.3%, from $59 million, or 13 cents per share, versus $138.2 million, or 29 cents per share, for the year-ago period.

    The after-tax charge for the data breach totaled $118 million, or 25 cents per share. That charge includes $11 million, or 2 cents per share, for costs incurred during the quarter as well as $107 million, or 23 cents per share, for the company’s exposure to potential losses.

    Excluding this charge, adjusted diluted earnings per share from continuing operations for the quarter were 38 cents versus 29 cents for the prior year, a 31% increase.

    Analysts had expected a profit of 37 cents per share.

    TJX first reported the breach back in January. Three months later, the company said that the damage done by a computer hacker resulted in an even greater loss of customer credit information than initially suspected.

    The company revealed that at least 45.7 million credit and debit card numbers were stolen over an 18-month period. TJX also said that another 455,000 customers who returned merchandise without receipts had their personal data stolen, including driver’s license numbers. (See: “TJX Reveals Extent Of Hacker Damage.”)

    In afternoon trading, shares of TJX were up 0.4%, or 11 cents, to $27.77.

    Still, despite the unfortunate news about the security breach and accompanying financial costs, the company posted some solid sales, which climbed 9% to $4.31 billion. Total sales at stores open at least a year increased 5%.

    TJX told traders it’s looking to post a profit for its full fiscal year of $1.84 to $1.88 per share. That’s up from its previous projection of $1.80 to $1.85 per share. The estimates don’t include data breach costs.

    Wall Street had forecast a profit of $1.86 per share.

    TJX predicts a third-quarter profit of 53 cents per share to 55 cents per share. Analysts are guiding for a profit of 55 cents per share.

    Standard & Poor’s analyst Jason Asaeda maintained a “Buy” recommendation on shares of TJX.

    “We think TJX’s compelling value proposition across brands, supported by higher marketing spend, along with its ample off-price buying opportunities in both apparel and home fashions, as positioning the company well to weather a tough retail environment,” Asaeda said. He raised his 2008 operating EPS estimate 3 cents to $1.90 and reiterated his 12-month target price of $31.
