Background: Target Data Breach

On December 19, 2013, Target issued a press release confirming that it was aware of
unauthorized access to payment card data that may have impacted guests making debit and credit
card purchases in its U.S. stores. This press release revealed that approximately 40 million debit
and credit card accounts may have been impacted between November 27 and December 15,
2013. It alerted authorities and financial institutions immediately after it became aware of the
unauthorized access, and Target announced it was putting all appropriate resources behind these
efforts. This included partnering with a third-party forensics firm to conduct an investigation of
the incident.

In addition to reassuring customers that they would not be responsible for any fraudulent
charges, they also confirmed their commitment to customers and offered a 10% discount for all
shoppers on December 21 and 22nd.

Highlights: Target Corporation 2013 Financial Results

On March 14, 2014, Target issued its 2014 annual report. Discussions of the data breach effects
began on page 2 and were repeated throughout the 10-K. The management discussion and
analysis (MD&A) included nearly two full pages about the breach, and the breach was also
discussed in the description of business, risk factors, and several other places in the annual
report.

Target also mentioned their data breach in the MD&A alongside their discussion of their
accounting for legal and other continencies as follows:

Legal and other contingencies: We are exposed to other claims and litigation arising in
the ordinary course of business and use various methods to resolve these matters in a
manner that we believe serves the best interest of our shareholders and other
constituents. When a loss is probable, we record an accrual based on the reasonably
estimable loss or range of loss. When no point of loss is more likely than another, we
record the lowest amount in the estimated range of loss and disclose the estimated
range. We do not record liabilities for reasonably possible loss contingencies, but do
disclose a range of reasonably possible losses if they are material and we are able to
estimate such a range. If we cannot provide a range of reasonably possible losses, we
explain the factors that prevent us from determining such a range. Historically,
adjustments to our estimates have not been material.

We believe the accruals recorded in our consolidated financial statements properly

reflect loss exposures that are both probable and reasonably estimable. With the
exception of Data Breach-related loss exposures, we do not believe any of the currently
identifiable claims or litigation will materially affect our results of operations, cash flows,
or financial condition. However, litigation is subject to inherent uncertainties, and
unfavorable rulings could occur. If an unfavorable ruling were to occur, it may cause a
material adverse impact on the results of operations, cash flows or financial condition
for the period in which the ruling occurs, or future periods.
 For Data Breach-related exposures, we are unable to reasonably estimate a range of
probable loss in excess of the recorded payment card network contingent losses. We
believe that losses from the payment card networks in excess of the amount recorded in
fiscal 2013 are reasonably possible, and that these losses could be material to our
results of operations in future periods, but we are unable to estimate a range of such
reasonably possible losses. We are also unable to estimate a range of reasonably
possible losses arising from Data Breach litigation and governmental investigations.

Finally, in the notes to the financial statements, Target disclosed the following:

Insurance coverage
To limit our exposure to Data Breach losses, we maintain $100 million of network-
security insurance coverage, above a $10 million deductible. This coverage and certain
other insurance coverage may reduce our exposure. We will pursue recoveries to the
maximum extent available under the policies. As of February 1, 2014, we have recorded
a $44 million receivable for costs we believe are reimbursable and probable of recovery
under our insurance coverage, which partially offsets the $61 million of expense relating
to the Data Breach.

For the year ended February 1, 2014, Target reported net income of nearly $2 billion, $44.5
billion in assets, and generated $6.5 billion in operating cash flows.

Required:

1. Access the Target 10-K that was filed on March 14, 2014.1 Read the description of the
data breach in the MD&A. What potential future costs related to the data breach did
Target face?

2. Did Target accrue a contingent liability for future costs related to the data breach? If so,
how much was the liability as of February 1, 2014, and which specific costs did Target
accrue?

3. Consider any amounts accrued as a liability as of February 1, 2014 (question #2). Why
would such amounts be accrued versus just disclosed in the financial statements?

1
Access on Target Corp website: https://investors.target.com/static-files/62bf2115-f6da-4e8d-b8da-a69fc2eb8c8b or
via the SEC Edgar database: https://www.sec.gov/Archives/edgar/data/27419/000002741914000014/tgt-
20140201x10k.htm.