My article of December 27, was entitled, Target: How To Profit From Their Current Calamity. In that article, I predicted that within one to two months Target stock would fall to 57 to 54. A month after the article was published, Target stock closed at $57.72.
After that article was published, I conducted a study of the largest security breaches in the 21st century. The price action of the stocks studied tends to buttress my original opinion that within a year of the security breach, Target's stock price will return to a level commanded prior to the incident. An analysis of all security breaches involving publicly traded companies since 2000 is listed below.
The first, Card System Solutions, better known as CardSytems, was a major processor or credit-card transactions. CardSystems processed more than $15 billion annually for Visa, Discover, American Express and MasterCard. CardSystems exposed 40 million accounts to a cyber break-in. Unable to recover from the debacle, CardSystems was purchased by Pay By Touch approximately a year and a half after the incident was reported.
HB Gary, a technology security firm, suffered a much smaller security breach (60,000 records lost) and also failed to survive. HB Gary was acquired by Man Tech International.
Wyndham Hotels (WYN) security breaches were so numerous and clustered over such a small time period (three breaches in two years) that an analysis of their stock provided no useful data.
The breach suffered by Yahoo (YHOO) resulted in no significant change in their stock.
The security lapse by Epsilon (ADS) a marketing firm, had no significant effect on the stock.
Two publicly traded companies suffered security breaches shortly before the 2008 market meltdown. Consequently, the stocks took years to recover from the incidents. Since one can assume the market downturn substantially altered the course of the respective companies' stock price, I believed it prudent to eliminate them from the study.
That left me with six companies with security breaches I could analyze.
Heartland Payment Systems, Inc.
Heartland Payment Systems, Inc. provides bankcard payment processing services to merchants in the United States. On 01/20/09, HPY announced a data breach of 100,000,000 accounts.
Sony's PlayStation Network, Qriocity, Sony Online Entertainment (SNE)
On April 26, 2011 Sony reported a security breach affecting the e-mail addresses, names, homes, login credentials and in some cases the credit card information of 101 million users.
Global Payments (GPN)
In March of 2012 GPN, a transaction processor, reported a network penetration resulting in the theft of date involving 1.5 million credit cards.
Bank Of New York Mellon (BK)
In February 2008, a truck transporting unencrypted backup tapes to a storage facility arrived at its destination sans a tape holding the bank account information and social security numbers of 4.5 million customers.
Health Net (HNT)
In May of 2009, Health Net, a Connecticut health care provider, reported a security lapse resulting in the loss of 1.5 million customers financial information.
TJX Companies, Inc.
On January 17, 2007, TJX Companies, Inc. , probably most familiar to you through their Marshall's and T.J. Maxx retail stores, suffered security breach involving 45.6 million accounts.
Below is a chart reflecting the movement in stock price of the affected companies.*
|% lost||Time to bottom||Time to recover|
|HPY||74%||7 weeks||7 months|
|SONY||42%||7 1/2 months||10 1/2 months|
|GPN||24%||5 months||7 months|
|BK||24%||3 months||6 months|
|HNT||14%||11 days||3 weeks|
|TJX||12%||2 months||3 months|
*% lost indicates the percentage drop in the price of a stock following announcement of a security breach. Times are approximate and represent the time from announcement of a security breach to the date the stock reached it's lowest price (Time to bottom) or the date the stock recovered at least 98% of share price (Time to recover).
If Target stock behaves in the same manner as the companies listed above, one could draw the following conclusions:
A long term investor can continue to hold the stock with the expectation that Target will soon return to a price range recorded prior to the security breach.
If you were long on Target and have not yet sold your position, there is a good possibility you have already suffered the lion's share of the losses. To exit your position now is probably not to your advantage.
Once a security breach occurs, companies are likely to suffer double digit, relatively short-term losses in their stock price presenting a possible entry point for investors. With the exception of companies that provide bankcard processing services and/or computer security services, the involved companies will likely recover completely from the security lapses.
In assessing Target's future prospects, the companies' recent difficulties in Canada should be considered. For further information concerning Target's Canadian problems, read my article, Wal-Mart Vs. Target: Where The Real Difference Lies.
It should be noted that the above study, although it represents the largest security breaches known to this author over this century and includes security lapses covering data losses as small as 60,000 accounts, constitutes a very small sample size. Additionally, I made no effort to adjust for the multitude of factors that may influence stock movement. For example, I did not control for positive or negative news that occurred after the security breach and/or the movement of the market in general or in the sectors influencing a particular stock, whether the stock was considered overvalued or undervalued prior to the incident, etc. Consequently, the results of the study may not be valid.