The retailer said Wednesday that its fourth-quarter profit slumped 46 percent. It also reported that revenue slipped 5.3 percent as the breach scared off customers.
During the holiday shopping season, personal data from millions of Target customers was stolen by hackers who targeted credit card terminals in its stores. The incident has scared shoppers away, and the company says its profits will be affected well into 2014.
"As we plan for the new fiscal year, we will continue to work tirelessly to win back the confidence of our guests. ... We are encouraged that sales trends have improved in recent weeks," said Gregg Steinhafel, chairman, president and CEO of Target.
The data breach comes on top of other woes, including sluggish sales in the U.S. and a disappointing foray into Canada.
The retailer, based in Minneapolis, said it earned $520 million, or 81 cents per share, for the three months that ended Feb. 1. That compares with a profit of $961 million, or $1.47 per share, a year earlier.
Revenue fell to $21.5 billion from $22.7 billion. Revenue at stores open at least a year, an important retail measurement, fell 2.5 percent.
Analysts had expected a profit of 80 cents on revenue of 21.5 billion, according to FactSet estimates.
The breach resulted in $17 million of net expenses in the fourth quarter, Target said, with $61 million of total expenses partially offset by the recognition of a $44 million insurance receivable. The company said it can't yet estimate how much more the data breach will cost.
Target said expenses may include payments to card networks to cover losses and expenses for reissuing cards, lawsuits, government investigations and enforcement proceedings.
The costs could hurt the company's first-quarter and full-year earnings, it said.
But investors sent shares of Target up nearly 4 percent, or $2.19 to $58.70 in premarket trading Wednesday as the earnings beat Wall Street estimates by a penny. Investors also seemed soothed that sales were recovering. The stock has fallen about 10 percent since the company disclosed the breach in mid-December.
Still, Target has much work to do to bring back customers who are still scared to shop there.
The massive data breach compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15.
Target disclosed the breach Dec. 19 and then on Jan. 10 it said that hackers also stole personal information — including names, phone numbers as well as email and mailing addresses — from as many as 70 million customers.
When the final tally is in, Target's breach may eclipse the biggest known data breach at a retailer, one disclosed in 2007 at the parent company of TJMaxx that affected 90 million records.
Target is offering free credit monitoring services for a year to those who had their data compromised.
John Mulligan, Target's chief financial officer, told The Associated Press Wednesday that the most loyal customers have stuck with Target, but wooing back others will take time.
"We need to remind people why they fell in love with Target," he said.
Target is now accelerating its $100 million plan to implement the use of chip-enabled technology by early 2015 in all 1,800 stores to protect itself against cyber thieves.
It isn't clear when Target will fully recover from the breach, but Avivah Litan, a security analyst at Gartner Inc., puts the costs of the breach at between $400 million and $450 million.
Target's results are also being weighed down by stumbles in its expansion into Canada, its first foray outside the U.S.
Target is trying to fix problems with shortages and Canadians' perception that prices are too high. The company had opened about 124 stores, at locations once owned by Canadian retailer Zellers, by the end of last year.
The company said it expects earnings per share for the current quarter to range from 60 cents to 75 cents. Analysts had previously expected 88 cents.
For the full year, Target expects earnings per share to range between $3.85 and $4.15. Analysts had expected $4.21.
Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.