Target Corp. said it expects nearly $150 million in second-quarter gross expenses related to its late 2013 data breach.
The third-largest retailer in the US said expected losses, about $148 million, will be offset somewhat by $38 million in insurance payments.
Target had its point-of-sale systems hacked from November 27 to December 15, 2013. The breach exposed debit and credit card data of as many as 40 million customers, plus an additional 70 million records with other customer information. Target spokeswoman Molly Snyder told Advisen each are two distinct pieces of the breach and there could some overlap.
Target did not immediately respond to Advisen’s request for an update of affected customers.
The expected second-quarter losses include an increase in estimated probable losses for “what the company believes to be the vast majority of actual and potential breach-related claims, including claims by payment card networks.”
ALSO READ: Target data breach cases consolidated in Minnesota | Banks, credit unions tally more than $200M in Target costs
“Since the data breach last December, we have been focused on providing clarity on the company’s estimated financial exposure to breach-related claims,” said John Mulligan, interim president and CEO, in a statement. “With the benefit of additional information, we believe [now] is an appropriate time to provide greater clarity on this topic.”
Target warns its estimate involves “significant judgment” based on available information, courtroom precedent and assessment of valid claims.
According to Advisen Loss Insight data, the Target data breach is the largest retail data breach ever. The affected count combines both of Target’s announcements of payment card and personal identifiable information hackings, but there could be some overlap. If these groups (40 million payment cards and 70 million PII) completely overlapped, Target would still occupy the top spot with an affected count of 70 million.