Target Pretends Losses From Hackers Don't Count
The practice of reporting corporate earnings while excluding the bad stuff has been out of control for years. It's common practice nowadays for U.S. companies to reveal their quarterly results both in the normal way, under generally accepted accounting principles, and on a nonstandard basis, using their own made-up accounting rules.
Usually the non-GAAP numbers end up looking better because the companies exclude all sorts of ordinary expenses that hurt the official bottom line. Wall Street stock analysts tend to be willing accomplices in this game.
It isn't news that companies do this -- except when one of them does something so ludicrous and extreme that it cries out to be ridiculed.
This brings us to Target Corp., the Minneapolis-based retailer that last month revealed that as many as 40 million of its customers' credit- and debit-card accounts were compromised. Last week, Target said the home and e-mail addresses for as many as 70 million people were stolen. These breaches could result in significantly reduced earnings. So Target devised a simple response: It will exclude such losses from its preferred earnings metrics when it reports quarterly results.
It's as if the losses never happened, at least for fantasy-accounting purposes.
In a news release last week, Target said it "is not able to estimate the costs, or a range of costs, related to the data breach." A Target spokesman, Eric Hausman, confirmed that the company will exclude any such costs from its so-called adjusted earnings, which doesn't adhere to GAAP.
Here's the stuff that may get lumped into those excluded charges, according to the release: "liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities."
It's not as if Target hasn't had stuff stolen from it before, or that it doesn't get sued on a regular basis. The difference is that the latest data heists were really, really bad. The upshot: Small losses count (think shoplifters). But losses stemming from the theft of personal data for tens of millions of customers don't count, because those would be much bigger.
Put another way, the bigger the losses are, the less they matter.
It seems obvious why Target is doing this: to make its preferred numbers look better. The company has a different explanation, of course. When I asked Hausman why Target is excluding these costs from its adjusted earnings, he said: "It is a unique, nonrecurring event. This has never happened before. So it is not considered a part of our recurring operations."
Actually, it most certainly is part of Target's recurring operations. Millions of people went shopping at Target during regular business hours. The company collected their data as part of its recurring operations. And then it failed to protect that information. The company foresaw that this might happen, too. It included multiple risk-factor disclosures in its most recent annual report cautioning that significant data-security breaches "could adversely affect our reputation and results of operations."
Excluding losses related to security breaches also might help boost Target executives' pay, although it isn't clear from the company's disclosures if this will happen. One of the performance metrics Target cited in the executive-compensation section of its latest proxy statement was adjusted earnings per share. Hausman declined to say if Target would use adjusted earnings to determine officers' pay for 2013. "There are a number of factors," he said.
Target surely is getting lots of crisis-management advice on how to respond to these security breaches. Here's some more: Pretending they didn't happen -- for any reason -- is an exceptionally dumb idea.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author on this story:
Jonathan Weil at email@example.com