Home Depot: Will The Impact Of The Data Breach Be Significant?

-3.78%
Downside
420
Market
404
Trefis
HD: The Home Depot logo
HD
The Home Depot

Home Depot (NYSE:HD) holds the dominant position in the U.S. home improvement industry, accounting for approximately 60% of all revenues. With 1,977 stores across the U.S., Home Depot has been a one-stop shop for many consumers looking to buy home improvement goods. Since the recession, the stock has grown continuously, registering an approximate 45% increase in the last 52 weeks alone. While we expect continued optimism in the U.S. economy, specifically in the housing markets to aid further growth, the impact of a huge data breach announced last year continues to loom over the retailer’s prospects. [1]

We have a price estimate of $100 for Home Depot’s stock, which is below the current market price.

Our complete analysis for Home Depot’s stock

Relevant Articles
  1. What’s Next For Home Depot Stock After An Upbeat Q3?
  2. With The Stock Almost Flat This Year, Will Q2 Results Drive Home Depot’s Stock Higher?
  3. With The Stock Flat This Year, Will Q1 Results Drive Home Depot Stock Higher?
  4. Down 8% This Year Will Home Depot Stock Rebound After Its Q3?
  5. Home Depot Stock To See Little Movement Past Q2
  6. Why Homebuilder Stocks Are Soaring This Year

Home Depot was the latest in the chain of large companies under a cyber attack targeted at their payment terminals, where a security breach left approximately 56 million credit and debit card numbers exposed. [2] Although the company did not lose business in the quarters after the revelation of the breach, the management has indicated significant expenses in terms of “legal help, credit card fraud, and card re-issuance costs” going forward. ((Home Depot Q3 2014 10-Q, SEC)) Trefis attempts to quantify the impact of the data breach and analyze the consequences of this for the retailer in the future.

A report by Ponemon Research estimates the cost of a data breach at upwards of $194 per compromised record. [3] Typical costs related to a breach can be classified into investigation, remediation, notification to individuals, identity theft repair, and credit monitoring, regulatory fines, disruptions in normal business operations, lost business, and related lawsuits. [4] Let’s look at each of these in turn with respect to Home Depot’s case:

  • Investigation and Remediation: While investigation typically involves costs related to examining how and why the data was compromised, remediation involves costs related to setting up safeguards to avoid cases of breach going forward. The retailer indicated a $43 million pre-tax expense in investigation and remediation in the third quarter of 2014 alone. [5] Home Depot, in its recent earnings report, has indicated higher investments in IT security going forward. For one, they have already rolled out enhanced encryption of payment data at the point of sale in their U.S. stores and are expected to carry this into their Canada stores in 2015. We assume an expense of approximately $60 per record in investigation and remediation.
  • Notification: This involves the costs related to information provision to relevant individuals, regulators, and media personnel. In a case as large as the one at Home Depot, involving 56 million individuals, the costs of notifying could be daunting. At 49 cents per stamp, the one time cost of notifying just those affected comes to a whopping $27.44 million.
  • Identity theft and credit monitoring: The cost of identity theft protection could range anywhere between $7 to $15 per victim. Assuming a $10 price per victim, the price of this runs into an approximate $560 million cost for Home Depot.
  • Disruptions in normal business operations: The opportunity cost of spending on cleaning up after a data breach involves reduced investments in the company’s operations. Furthermore, with the management spending more time communicating breach-related developments, this also reduces the time spent on standard business activities. We assume a loss of $20 per record on this front.
  • Lost business: Data breach also results in loss of customers to fellow competitors. Ponemon’s research estimates a “high churn rate” at 6% for breach cases in the financial, communication, and health-care industries. [4] We assume a 3% churn rate for Home Depot, given the duopolistic set-up with Lowe’s. This brings us to a loss of approximately $30 per record. In spite of dealing with a case that is bigger than the data breach at Target in late 2013, Home Depot is not expected to lose out on much revenue. Part of this is because the retailer will continue to reap the benefits of an upbeat U.S. economy and housing market. Furthermore, unlike Target, where consumers moved to the likes of Costco or Kohl’s, there are hardly any substitutes when it comes to buying material such as plywood, saws, cement, or the like. [6]
  • Lawsuits: Lastly, there’s the matter of lawsuits. Home Depot has already been slapped with 44 lawsuits related to the breach, which could go further up in number as state and federal agencies continue to investigate. Furthermore, Home Depot is likely to incur millions as card networks make claims against the company in counterfeit fraud losses and the issuance of new cards. [7] According to credit protection firm Billguard, Home Depot is likely to incur close to $3 billion in fraud with an average of $332 spent per credit or debit card. [8] This amounts to approximately $54 per record.

Based on our calculations, we arrive at an estimated cost of $176 per compromised record in recurring expenses or a total cost of approximately $10 billion to be incurred by the end of the decade. On account of disruptions in business and lost business, we expect EBITDA to grow at a slower rate going into 2017, before reaching it’s initial forecasted levels by the decade-end as consumers regain confidence in the retailer. The management’s candidness in the face of adversity, and the steps that they have taken to mitigate the chances of such an attack in the future, in terms of investment in cyber security, could recoup confidence among existing customers and also increase appeal among new ones. We expect higher capital expenses as the retailer continues to invest in cyber security enhancements, such as enhanced encryptions and EMV Chip-and-PIN technology. [9] Taking all these factors into account, we anticipate a 13% downside to our current price estimate on account of the breach for Home Depot.

See our complete analysis for Home Depot in the scenario of the data breach

View Interactive Institutional Research (Powered by Trefis):

Global Large CapU.S. Mid & Small CapEuropean Large & Mid Cap

More Trefis Research

Notes:
  1. Key Trends In Housing Impacting The Home Improvement Market []
  2. Home Depot Q3 2014 10-Q, SEC []
  3. Ponemon Institute Releases 2014 Cost of Data Breach: Global Analysis []
  4. Calculating The Colossal Cost of A Data Breach [] []
  5. Home Depot Breach Has Already Cost $43 Million []
  6. Why Home Depot Is Not The Next Target []
  7. Home Depot facing dozens of data breach lawsuits []
  8. Home Depot Data Breach Class Action Lawsuit []
  9. The Home Depot Reports Findings in Payment Data Breach Investigation []