Analysts agree that the event is likely to hurt sales at Target's stores at a crucial time, although they disagree on how significant that damage could be. One says the risk to sales should be "manageable," although another is less sanguine.
Shares recently were up 8 cents, or 0.1%, at $62.28.
The stock shed 2% Thursday following the Minneapolis-based retailer's disclosure that it found "unauthorized access" to data on more than 40 million customers' credit and debit cards over three weeks ending Dec. 15.
Hackers were able to gain access to data including "customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code)," Target said.
Purchases made on Target.com or at its Canada stores were not affected, the company said.
It's a bad time to announce a security breach, as it comes at the tail end of the busy holiday shopping season. The risk of lost sales for Target should be manageable, however, according to J.P. Morgan analyst Christopher Horvers.
"The timing of the incident just prior to four of the historically top [five] holiday selling days (including Super Saturday) clearly exacerbates the impact as customers may be wary to shop at TGT or use their credit cards," Horvers writes in a Dec. 19 note.
"We estimate that this upcoming week could represent up to 15% of this quarter's sales, and if 10% of customers are impacted, and considering the fact that [approximately] 20% of sales are from [Target] REDcard holders, we estimate a 25-50-bps impact to comps," the note says. Horvers rates the stock at neutral and has a 12-month price target of $63.55.
The company is also likely to endure a settlement payment, given that the breach is not via third-party processors.
"Looking at past data breaches, in 2007 TJX reported that hackers broke into its systems and stole [approximately] 45.7mm credit and debit card numbers. The incident resulted in TJX paying $9.7 [million] in a state-level settlement as well as $24 [million] to cover costs by banks that issue MasterCards, and $40.9 [million] to Visa's issuers," Horvers writes.
Brian Sozzi, CEO and chief equities analyst at Belus Capital Advisors, has a dimmer outlook. He says Wall Street should be worried about Target's winter quarter and 2014 as a whole. He rates Target at "sell."
"I'm worried about January, February, March," he says. The security breach "erodes the Target brand promise."
"There's going to be a delay in January. People want to see if this grows any bigger," he says. "As a retailer you're given a lot of data. As a consumer you're trusting your name's not going to end up somewhat where it shouldn't be. We don't think twice about this stuff ... Now you are, and that's a big problem."
Target had already tempered quarterly expectations for the quarter that ends in January. The retailer forecast earnings of $1.26 a share, below analysts' expectations of $1.45 a share.
"The stock is still overvalued. The transactions are not there," Sozzi says, adding that Wall Street "could hear an earnings warning when they report in February."
Written by Laurie Kulikowski in New York.