Home » Home Depot Annual Reports » 2014 Annual Report - page 23

Home Depot 2014 Annual Report Download - page 23

Download and view the complete annual report

Please find page 23 of the 2014 Home Depot annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.

Executive Summary and Selected Consolidated Statements of Earnings Data

For the fiscal year ended February 1, 2015 ("fiscal 2014"), we reported Net Earnings of $6.3 billion and Diluted Earnings per

Share of $4.71 compared to Net Earnings of $5.4 billion and Diluted Earnings per Share of $3.76 for the fiscal year ended

February 2, 2014 ("fiscal 2013"). The results for fiscal 2014 included $33 million of pretax net expenses related to a breach

of our payment data systems (the "Data Breach"). The results for fiscal 2014 also included a $323 million pretax gain related

to the sale of a portion of our equity ownership in HD Supply Holdings, Inc. ("HD Supply").

Net Sales increased 5.5% to $83.2 billion for fiscal 2014 from $78.8 billion for fiscal 2013. Our total comparable store sales

increased 5.3% in fiscal 2014, driven by a 3.5% increase in our comparable store customer transactions and a 1.8% increase

in our comparable store average ticket. Comparable store sales for our U.S. stores increased 6.1% in fiscal 2014.

Data Breach

In the third quarter of fiscal 2014, we confirmed that our payment data systems were breached, which potentially impacted

customers who used payment cards at self-checkout systems in our U.S. and Canadian stores. Our investigation to date has

determined the intruder used a vendor’s user name and password to enter the perimeter of our network. The intruder then

acquired elevated rights that allowed it to navigate portions of our systems and to deploy unique, custom-built malware on

our self-checkout systems to access payment card information of up to 56 million customers who shopped at our U.S. and

Canadian stores between April 2014 and September 2014. On September 18, 2014, we confirmed that the malware used in

the Data Breach had been eliminated from our systems. There is no evidence that debit PIN numbers were compromised or

that the Data Breach impacted stores in Mexico or customers who shopped online at HomeDepot.com or HomeDepot.ca. In

addition, we announced on November 6, 2014 that separate files containing approximately 53 million email addresses were

also taken during the Data Breach. These files did not contain passwords, payment card information or other sensitive

personal information. The investigation of the Data Breach is ongoing, and we are supporting law enforcement efforts to

identify the responsible parties.

In September 2014, we completed a major payment security project that provides enhanced encryption of payment card data

at the point of sale in all of our U.S. stores, offering significant new protection for customers. The new security protection

takes raw payment card information and scrambles it to make it unreadable to unauthorized users. We are also rolling out

enhanced encryption to our Canadian stores and EMV chip-and-PIN technology in our U.S. stores, which will add extra

layers of payment card protection for customers who use EMV enabled chip-and-PIN cards. Our Canadian stores are already

enabled with EMV chip-and-PIN technology.

Expenses Incurred

In fiscal 2014, we recorded $63 million of pretax expenses related to the Data Breach, partially offset by $30 million of

expected insurance proceeds for costs we believe are reimbursable and probable of recovery under our insurance coverage,

for pretax net expenses of $33 million. These expenses are included in Selling, General and Administrative expenses in the

accompanying Consolidated Statements of Earnings for fiscal 2014. Expenses include costs to investigate the Data Breach;

provide identity protection services, including credit monitoring, to impacted customers; increase call center staffing; and pay

legal and other professional services, all of which were expensed as incurred.

Litigation, Claims and Government Investigations

In addition to the above expenses, we believe it is probable that the payment card networks will make claims against us. The

ultimate amount of these claims will likely include amounts for incremental counterfeit fraud losses and non-ordinary course

operating expenses (such as card reissuance costs) that the payment card networks assert they or their issuing banks have

incurred. In order for us to have liability for such claims, we believe it would have to be determined, among other things, that

(1) at the time of the Data Breach the portion of our network that handles payment card data was noncompliant with

applicable data security standards, and (2) the alleged noncompliance caused at least some portion of the compromise of

payment card data that occurred during the Data Breach. Although an independent third-party assessor found the portion of

our network that handles payment card data to be compliant with applicable data security standards in the fall of 2013, and

the process of obtaining such certification for 2014 was ongoing at the time of the Data Breach, in March 2015 the forensic

investigator working on behalf of the payment card networks alleged that we were not in compliance with certain of those

standards at the time of the Data Breach. As a result, we believe it is probable that the payment card networks will make

claims against us and that we will dispute those claims. When those claims are asserted, we will have to determine, based on

the facts and information then available to us, whether to litigate or seek to settle those claims. At this time, we believe that

settlement negotiations will ensue and that it is probable that we will incur a loss in connection with those claims. We cannot