Shoppers Just Don’t Care About Credit Card Hacks

3 minute read

If Target and The Home Depot are still reeling from the collective breach of 96 million customers’ credit and debit cards, it didn’t show in either company’s earnings reports this week.

Target posted $17.73 billion in revenue on Wednesday, beating one Wall Street consensus forecast by $17 million. That paled in comparison to Home Depot’s rosy earnings report on Tuesday, which showed store sales in the U.S. climbed by 5.8% in the third quarter. Breaches? What breaches?

Target’s dataclysm receded into the rear view mirror as the company revealed that expenses related to a credit card data breach late last year had plateaued at $153 million. The market rallied around its stock, driving up the share price by more than 6%. The Home Depot’s breach, though, was bigger and more recent. The verdict?

“We believe the breach is firmly behind [Home Depot] with momentum heading into 4Q,” wrote J.P. Morgan analyst Christophers Horvers. That assessment comes two months after Home Depot’s September announcement that 56 million credit card accounts had been hacked and upwards of 53 million email addresses were stolen. The only major business fallout for the company, as far as analysts could detect, was a curious blip in traffic toward Home Depot’s chief competitor, Lowe’s. “Perhaps the breach provided some traffic benefit,” Horvers speculated, before moving onto the retailer’s solid sales growth.

If neither shoppers nor shareholders ultimately punish big businesses for data breaches, will companies move to prevent them before they occur?

“In the end, the market’s behaving completely rationally,” says Avivah Litan, a security analyst for Gartner. “It’s still a pain in the neck for everyone, but there’s very little actual fraud committed as a result of these breaches.”

Litan says that hackers like those who pilfered credit card numbers at Target and Home Depot typically have a very short window of opportunity — less than one month — to rack up fraudulent charges before banks detect the suspicious activity. These heists tend to run in the range of $10 million, and shoppers rarely ever bear the costs. Instead, banks split the sum with the affected retailer, where any remaining cash vanishes into the fine print of the company’s quarterly earnings reports.

The real question, then, is why credit card hacks continue to make front page news. In the grand scheme of online theft, Litan says, what happened to Target and Home Depot shoppers is small potatoes — identity thieves have pulled off heists at ten times the scale of credit card fraud by going after medical and tax records. However, credit card hacks on retailers get lots of public attention because so many people can be affected so quickly.

“Stealing 50 million cards is just as easy as stealing 100 cards,” Litan says. The sheer number of stolen cards conjures up an image of a whole nation of shoppers exposed and helpless. But these crime stories tend to end with about as much drama as a third quarter earnings report.

More Must-Reads from TIME

Contact us at letters@time.com