Target doesn’t usually have to promise to do better by its customers, but in 2013 it had to—twice. The data breach during the holiday season led to the theft of about 40 million payment-card numbers and 70 million additional records. And the company launched a troubled move into Canada, its first market outside the U.S. Together, these made for gloomy accounting when Target reported its annual results on Feb. 26. The company’s sales grew by just under 1 percent, to $72.6 billion, while profits fell 34 percent. “We will continue to work tirelessly to win back the confidence of our guests,” said Gregg Steinhafel, the company’s chief executive officer.

The retailer said the cyber attack led to a 46 percent drop in net profits during the crucial holiday shopping season. The number of transactions for the quarter fell by 5.5 percent—more than during the worst of the recession. Target said the attack has cost $61 million so far, of which insurance will cover about two-thirds. The big expenses are yet to come, though, from civil litigation as well as fines and repayments to banks that suffered credit-card fraud losses. One high estimate puts the total cost to Target at $1 billion.

The cyber attack wasn’t fully Target’s fault—though the extent to which it is will be determined in the 80 or so civil lawsuits the company faces. The problems in Canada most definitely are. Target opened 124 locations across the country last year, more or less in one fell swoop. Canadians weren’t impressed by the merchandise or the prices, which many perceived to be more expensive than in the company’s U.S. stores. Target reported it lost $941 million there.

Cyber criminals are tough to outsmart. The Canadians proved to be tough customers, too.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE