Home Depot 2014 Annual Report Download - page 58

Download and view the complete annual report

Please find page 58 of the 2014 Home Depot annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 71

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71

53
the perimeter of the Company’s network. The intruder then acquired elevated rights that allowed it to navigate portions of the
Company’s systems and to deploy unique, custom-built malware on the Company’s self-checkout systems to access payment
card information of customers who shopped at the Company's U.S. and Canadian stores between April 2014 and September
2014. The investigation of the Data Breach is ongoing, and the Company is supporting law enforcement efforts to identify the
responsible parties.
Expenses Incurred and Amounts Accrued
In fiscal 2014, the Company recorded $63 million of pretax expenses related to the Data Breach, partially offset by $30
million of expected insurance proceeds for costs the Company believes are reimbursable and probable of recovery under its
insurance coverage, for pretax net expenses of $33 million. These expenses are included in SG&A expenses in the
accompanying Consolidated Statements of Earnings for fiscal 2014. Expenses include costs to investigate the Data Breach;
provide identity protection services, including credit monitoring, to impacted customers; increase call center staffing; and pay
legal and other professional services, all of which were expensed as incurred.
At February 1, 2015, accrued liabilities and insurance receivable related to the Data Breach consisted of the following
(amounts in millions):
Accrued
Liabilities Insurance
Receivable
(Expenses incurred) insurance receivable recorded $(63) $ 30
Payments made (received) 51 (10)
Balance at February 1, 2015 $(12) $ 20
Litigation, Claims and Government Investigations
In addition to the above expenses, the Company believes it is probable that the payment card networks will make claims
against the Company. The ultimate amount of these claims will likely include amounts for incremental counterfeit fraud
losses and non-ordinary course operating expenses (such as card reissuance costs) that the payment card networks assert they
or their issuing banks have incurred. In order for the Company to have liability for such claims, the Company believes it
would have to be determined, among other things, that (1) at the time of the Data Breach the portion of the Company’s
network that handles payment card data was noncompliant with applicable data security standards, and (2) the alleged
noncompliance caused at least some portion of the compromise of payment card data that occurred during the Data Breach.
Although an independent third-party assessor found the portion of the Company’s network that handles payment card data to
be compliant with applicable data security standards in the fall of 2013, and the process of obtaining such certification for
2014 was ongoing at the time of the Data Breach, in March 2015 the forensic investigator working on behalf of the payment
card networks alleged that the Company was not in compliance with certain of those standards at the time of the Data Breach.
As a result, the Company believes it is probable that the payment card networks will make claims against it and that the
Company will dispute those claims. When those claims are asserted, the Company will have to determine, based on the facts
and information then available to it, whether to litigate or seek to settle those claims. At this time, the Company believes that
settlement negotiations will ensue and that it is probable that the Company will incur a loss in connection with those claims.
The Company cannot reasonably estimate a range of losses because no claims have yet been asserted and because there are
significant factual and legal issues to be resolved. The Company will continue to evaluate information as it becomes known
and will record an estimate for losses at the time or times when it is both probable that a loss has been incurred and the
amount of the loss is reasonably estimable. The Company believes that the ultimate amount paid on payment card network
claims could be material to the Company's consolidated financial condition, results of operations, or cash flows in future
periods.
In addition, at least 57 actions have been filed in courts in the U.S. and Canada, and other claims may be asserted against the
Company on behalf of customers, payment card brands, payment card issuing banks, shareholders or others seeking damages
or other related relief, allegedly arising from the Data Breach. Furthermore, several state and federal agencies, including State
Attorneys General, are investigating events related to the Data Breach, including how it occurred, its consequences and the
Company's responses. The Company is cooperating in the governmental investigations, and the Company may be subject to
fines or other obligations. While a loss from these matters is reasonably possible, the Company is not able to estimate the
costs, or range of costs, related to these matters because the proceedings remain in the early stages, alleged damages have not
been specified, there is uncertainty as to the likelihood of a class or classes being certified or the ultimate size of any class if
certified, and there are significant factual and legal issues to be resolved. The Company has not concluded that a loss from
these matters is probable; therefore, the Company has not recorded an accrual for litigation, claims and governmental
investigations related to these matters in fiscal 2014. The Company will continue to evaluate information as it becomes