ABSTRACT
Introduction During November and December of 2013, Target stores fell victim to a massive cyberattack, resulting in hackers stealing 40 million customer credit/debit cards (Target Corporation, 2013) and another 70 million customer records (Target Corporation, 2014a).1 Over the next two months, the retailer spent over $60 million in the form of technical remediation, customer relations, and legal costs (McGrath, 2014). As a result, Target profits were down 46 per cent in the fourth quarter of 2013, the holiday shopping season on which retailers rely for the majority of their revenues (McGrath, 2014). To date, the breach has cost Target $290 million, with several lawsuits still unsettled (Raywood, 2015). The Target data breach illustrates that ongoing direct costs of a compromise are compounded with indirect costs such as the erosion of customer/brand loyalty.
