Shostack + Friends Blog Archive


Breach outliers: $118m charge for TJX

The Associated Press reports that “TJX profit plunges on costs from massive data breach:”

FRAMINGHAM, Mass. (AP) – TJX’s second-quarter profit was cut by more than a half as the discount store owner recorded a $118 million charge due to costs from a massive breach of customer data….About one-tenth of the charge from the data breach was to cover costs this past quarter. The rest is a reserve to cover future expenses from lawsuits, investigations, and other items.

Previous costs were either “$25 million” (Boston Globe, May 16, 2007) or “$17 million” (Security Focus, May 21, 2007). The Globe reports on a previous $5m charge, but there’s a $3m discrepancy that I can’t account for.

Doubtless, an army of consultants will be out there trumpeting the top line number, and not explaining that most of it is a reserve, to make future earnings more predictable. Also, when you plug the $37 million into the “buy our product” ROI calculators and results in a far less ‘compelling’ pitch.

(Via Pogo Was Right.)

3 comments on "Breach outliers: $118m charge for TJX"

  • Roger says:

    I think you hit two issues here.
    Firstly, the primary reason of taking the $118 million charge in the 2nd quarter is not to smooth earnings, but rather to give investors information about the financial implications of events at the earliest possible time. The logic is that you disclose the financial consequences of events or decisions as soon as they can reasonably be estimated – which actually is good information for an investor to know.
    Secondly, if $118 is what they reasonably estimate the costs of the breach to be, I would think this is a legitimate number for the consultants’ ROI calculators.

  • Adam says:

    Ummm, sure. It’s not to smooth earnings, it’s to insulate future earnings reports from having to be distorted by this. You say spud, I say potahto.

    More importantly, it’s likely to be on the high side of what TJX thinks is reasonable to estimate. Because if they estimate low, they have to go back to the well. Much better to be able to say that the costs of the breach are behind them.

  • Iang says:

    Um, it’s to un-smooth earnings. If they were smoothing earnings they would take (e.g.) a quarter of the charge over the next 4 periods.
    While controversial, it is not considered wise to smooth earnings. The basic logic (backed up by lots of CAPM, etc) is that the market can do that better than you can, so you, the company, should concentrate on getting best info to the market.
    What is interesting is to see some the breakdown. $18 million spent this quarter seems a lot. Have they sent the cheques out already? Are those consultants really wearing out their ROI calculators that quickly?

Comments are closed.