In the annals of hacker victims, Home Depot Inc. is no Target Corp.
Though Home Depot's recent data breach compromised 56 million payment cards more than the 40 million in Target's incident the company isn't predicting a hit to revenue and investors have been unfazed by the attack. Target, in contrast, suffered a sales drop-off and a stock slump that contributed to the ouster of Chief Executive Officer Gregg Steinhafel in May.
Home Depot, the world's biggest home-improvement chain, has persevered in part because the news of its attack broke in early September a relatively benign time. Americans typically fix up their homes in the spring and early summer. Target's hackers, meanwhile, infiltrated its computer system during the all- important holiday-shopping season.
"Target got hit at the worst possible time," said Joseph Feldman, analyst at Telsey Advisory Group in New York. "For Home Depot, the peak summer selling season was over."
Home Depot also came forward more quickly with a public admission. The Atlanta-based retailer made its first disclosure about a potential breach on Sept. 2, the day it learned from banks and law enforcement that hackers may have infiltrated its defenses. It then confirmed that it had been attacked on Sept. 9 and followed up yesterday by giving the number of payment cards affected.
In Target's case, the retailer learned of a possible breach from law enforcement on Dec. 12. The company disclosed the attack a week later, following a report by independent journalist Brian Krebs. In addition, Target had ignored warnings from its hacker-detection tools, missing an opportunity to stop the problem sooner, according to a Bloomberg Businessweek report in March.
Krebs also reported on the Home Depot attack, breaking news on the breach a few hours before the home-improvement chain made its own statement. Still, Home Depot's promptness in sharing information with customers helped improve its standing, said Jaime Katz, an analyst at Morningstar Inc. in Chicago.
"Home Depot did a good job of being as transparent as possible to put their customer's fears at ease," she said.
The company also is benefiting from data-breach fatigue. After several retail hacker attacks over the past year, shoppers simply aren't as concerned anymore, said Seth Basham, an analyst at Wedbush Morgan Securities in New York.
Credit-card customers aren't liable for charges made without their consent, limiting their exposure. Home Depot has said there's no evidence personal identification numbers for debit cards were compromised. That data is especially sensitive because it can be used to withdraw cash from an automated teller machine. Purchases made online and at stores in Mexico weren't affected either.
"Consumers were conditioned, somewhat, from the fallout at Target they're a little less paranoid," Basham said.
Home Depot expects to pay about $62 million this year to recover from the incursion, including additional costs for call- center staffing and legal expenses. Insurance will cover $27 million of that tab, the company said.
For now, the hacker attack hasn't dented Home Depot's growth projections. The chain reaffirmed its revenue forecast yesterday, predicting a gain of 4.8 percent.
Investors have mostly shrugged off the Home Depot breach. Since Aug. 29, the last trading day before the hack was first made public, the shares are only down 1.5 percent. In contrast, Target's stock has only recently returned to where it was before its incursion. After its breach was revealed, the shares fell in seven of the following eight weeks.
It helps that Home Depot was in generally better shape than Target, which had already been suffering from sluggish U.S. sales and a botched expansion into Canada. The Minneapolis-based discount chain also has been contending with more competition from e-commerce rivals such as Amazon.com Inc., and it's been late to move into small-format stores, an area where Wal-Mart Stores Inc. is making gains.
At Home Depot, a rebounding housing market has fueled growth. The stock was trading at an all-time high on Aug. 29, the last trading day before the retailer acknowledged a breach may have occurred.
"For Home Depot, it's almost an $80 billion annual revenue company and it's hard to see how $100 million or whatever the costs from the breach wind up being will materially change it," Katz said.
