Editor's note: Hedgeye analyst Brian McGough provides his quick take on the debacle at Target.
- "Target on Friday confirmed that strongly encrypted PIN data was removed from its system during the security breach that took place between Black Friday and Dec. 15."
- "'While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed,' Target said Friday. 'We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system and remained encrypted when it was removed from our systems.'”
Takeaway: Don't underestimate how much of a disaster this is for Target. Yes, it's a breach of confidence on the part of the consumer -- and as we know from JCP, rattled confidence can take a long time to regain. But there is also financial pain -- partially in the form of lost sales, but also because TGT was not insured for this. That's the part of this whole mess that simply blows our mind. Some retailers simply use Paypal, as it transfers the liability. We know it's unrealistic to assume that all TGT shoppers use Paypal. But it is realistic to expect the company to but in place the appropriate risk management (i.e. insurance).
You want to join the Hedgeye Revolution? Learn more here.