TJX reports soaring profits one year after breach disclosure
The Framingham, Mass.-based company said its profit for the quarter ending Jan. 26 rose to $301 million, or 66 cents per share, from $206 million, or 43 cents per share, over the same quarter one year ago.
The fourth quarter numbers received a boost from an after-tax benefit worth $11 million, made possible by a reduction in the reserve earmarked for the breach fallout to pay for costs, such as legal fees and settlements.
“If you look at the way the settlements went, it was quite reasonable,” Diana Kelley, a Burton Group analyst, told SCMagazineUS.com. “It certainly was an impact that looked bearable for a company of their size.”
Last January, TJX reported that at least 45.7 million customer accounts were exposed to wireless hackers, although court filings have placed the number near twice as high.
Carol Meyrowitz, president and chief executive officer of TJX, said the company followed its typical formula to drive sales. TJX operates some 2,500 stores in North America, most notably T.J. Maxx and Marshalls.
“We were extremely disciplined in managing inventories, which gave us the ability to buy into current trends and offer great brands and fashions at compelling values,” she said. “Further, expense management continued to be a key focus across our company.”
Kelley said that any initial drop in customers following the breach did not last long due to TJX's discount prices.
In addition, the company appears to have survived the impact of losses due to lawsuits – a number some experts had predicted would soar well into the hundreds of millions of dollars. They include a $41 million settlement with Visa -- a number many thought would be much higher -- and an agreement with customers that amounted to little more than self-promotion, including promises of free store vouchers for victims and a three-day sales event.
In December, TJX settled with three bankers groups over costs related to the breach. Terms of the settlement were not disclosed, but TJX said at the time that its burden would be covered as part of the $256 million it already budgeted for the data loss.
Experts said the lawsuit was dealt a blow when a judge transferred the case to Massachusetts state court, denying the case federal class-action status.
Still, the lawsuit set a precedent that retailers – not just banks – must bear responsibility for data-loss events.
“That's the first time that I've seen, on a broad scale, where an impacted retailer had to make restitution to an issuing bank,” Kelley said.