Staples 2015 Annual Report Download - page 138

Download and view the complete annual report

Please find page 138 of the 2015 Staples annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 163

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163

APPENDIX C
C-21 STAPLES Form 10-K
STAPLES, INC. AND SUBSIDIARIES
Notes to Consolidated Financial Statements (continued)
Contingencies
The Company has investigated, with the assistance of outside
experts, a data security incident involving unauthorized access
into the computer systems of PNI Digital Media Ltd ("PNI"),
a subsidiary of the Company, which the Company acquired
in July 2014. PNI, which is based in Vancouver, British
Columbia, provides a software platform that enables retailers
to sell personalized products such as photo prints, photo
books, calendars, business cards, stationery and other similar
products. PNI’s customers include a number of major third party
retailers, as well as affiliates of the Company. The investigation
determined that an unauthorized party entered PNI’s systems
and was able to deploy malware on some of PNI’s servers
supporting its clients. The malware was designed to capture
data that end users input on the photosites. Some of PNI's
affected customers have notified certain of their users of a
potential compromise of the users' payment card information
and/or other personal information. PNI took prompt steps to
contain the incident, including disabling the retailer photosites
or online payment transactions for a period while the incident
was being investigated, and to further enhance the security of
its retailer customers' data. To date the Company has incurred
incremental expenses of $18 million related to the incident.
The expenses reflect professional service fees incurred by
the Company, as well as claims by PNI's retailer customers.
Additional losses and expenses relating to the incident are
probable; however, at this stage, we do not have sufficient
information to reasonably estimate such losses and expenses.
The types of losses and expenses that may result from the
incident include, without limitation: claims by PNI’s retailer
customers, including indemnification claims for losses and
damages incurred by them; claims by end-users of PNI’s
services, including class action lawsuits that have been filed,
and further class action lawsuits that may be filed, in Canada
and the United States; investigations and claims by various
regulatory authorities in Canada and the United States;
investigation costs; remediation costs; and legal fees. We will
continue to evaluate information as it becomes known and will
record an estimate for additional losses or expenses at the
time or times when it is both probable that any loss has been
incurred and the amount of such loss is reasonably estimable.
Such losses may be material to our results of operations and
financial condition. The Company maintains network security
insurance coverage, which the Company expects would help
mitigate the financial impact of the incident.
In December 2014, the Company announced that the
investigation into its previously announced data security
incident had determined that malware deployed by criminals
to some point of sale systems at 115 of the Company’s more
than 1,400 U.S. retail stores may have allowed access to
transaction data at those affected stores. As a result, cardholder
names, payment card numbers, expiration dates, and card
verification codes for approximately 1.16 million payment
cards may have been affected. Upon detection, the Company
immediately took action to eradicate the malware and
commenced an investigation into the incident, working closely
with payment card companies and law enforcement and with
the assistance of outside data security experts. The Company
also has taken steps to further enhance the security of its point
of sale systems, including the use of new encryption tools.
The Company continues to evaluate cybersecurity policies
and practices to mitigate the risk of future incidents. Expenses
incurred to date related to this incident have not been material.
It is reasonably possible that the Company may incur additional
expenses or losses in connection with the incident; however,
at this time the Company is unable to reasonably estimate any
such additional expenses or losses. In addition, the Company
maintains network security insurance coverage, which it
expects would help mitigate any material financial impact.
In 2013 the Company completed the sale of PSD, recognizing
a preliminary loss on disposal of $81 million that was subject
to the impact of a working capital adjustment to the purchase
price. On April 22, 2015, the purchaser commenced litigation
in Amsterdam District Court claiming that it was entitled to a
purchase price adjustment of approximately €60 million. On
April 22, 2015, the Company made a payment to the purchaser
of approximately €4 million (the amount of the purchase price
adjustment it believed was appropriate) and the purchaser
reduced its claim accordingly. The purchaser further reduced
its claim to €52 million in response to expert reports submitted
by the Company in the court case. The court held a hearing
on December 1, 2015, and on January 13, 2016 it issued a
judgment rejecting the purchaser’s claims in their entirety and
awarding costs to the Company. The purchaser filed a notice
of appeal on February 15, 2016, which the Company intends
to vigorously defend. If the purchaser prevails on appeal, it
could result in an adjustment, which may be material, to the
loss we recorded for the transaction.
From time to time, the Company is involved in litigation arising
from the operation of its business that is considered routine
and incidental to its business. The Company estimates
exposures and establishes reserves for amounts that are
probable and can be reasonably estimated. However,
litigation is inherently unpredictable and the outcome of legal
proceedings and other contingencies could be unexpected or
differ from the Company’s reserves. The Company does not
believe it is reasonably possible that a loss in excess of the
amounts recognized in the consolidated financial statements
as of January 30, 2016 would have a material adverse effect
on its business, results of operations or financial condition.