Shostack + Friends Blog Archive


Why We Fight

TJX appears to have suffered little financial fallout. Its stock fell just 2 percent yesterday after the company disclosed the new problems, along with its fourth-quarter earnings. For the three months ended Jan. 27, TJX said, profit fell to $205 million from $288 million in the same period a year earlier.
Store closings led TJX to take a $38 million charge, while the cost of investigating the breach and upgrading systems was $5 million through the end of the quarter.
On an earnings webcast with analysts yesterday, TJX executives said that store traffic through the end of January hasn’t suffered since its Jan. 17 announcement of the security breach. “I want to assure our shareholders that our operational management team isn’t being distracted from our core business or our opportunities to grow,” said chief executive Carol Meyrowitz on the webcast.
Mark Montagna, analyst at CL King in New York, said yesterday’s share decline had more to do with lower-than-expected earnings guidance TJX gave yesterday than the data problems.
“I don’t think that overall Wall Street is seeing it as that big an issue,” Montagna said.
He praised TJX’s management and noted that other retailers have faced similar security problems. “Once they get this resolved, it’s behind them,” he said.

“TJX says theft of data may go back to 2005”, Boston Globe, 2/22/2007

5 comments on "Why We Fight"

  • It’s good to fight 🙂 But to be fair, a data breach shouldn’t be worth 2% of a company’s value. If it is there is likely something else wrong.
    The expected value of the loss should be something like the number of sets, times the probability of each as a loss, times the value. Plus costs. As losing 10k sets seems to indicate that far less are perverted, e.g. 100s, then the expected loss should be quite low.
    I’d predict that the costs are (a) well known at this stage and (b) dominate the expected individual loss, and therefore (c) the loss to the company is easy to factor in.

  • beri says:

    Sad, isn’t it, that the company puts hundreds of thousands of its customers at risk and says that they don’t want to stockholders to worry. Management isn’t paying too much attention to this problem. And of course, yesterday they announced that the problem actually went back at least a year and not a month as they had previously stated. So it’s really true that management isn’t paying attention.
    capitalism at the highest level.

  • Nick says:

    Unlike Choicepoint, TJX is not in the information business, so it is not so critical to them. How they arrange their goods for sale is probably more important than information security to their value.
    However, a general inability to do things well will hurt them in the long run. Bad security indicates an inattention to detail. I think that how TJX responds will show whether this is a hiccup or a downward trend.

  • Master Yoda says:

    Impatient this one is! Teach him, I cannot!

  • ed dickson says:

    I sometimes wonder when the bottom is going to fall out on all of this.
    What happened to the philosophy that businesses existed to serve the needs of their customer?

Comments are closed.