HD_8K_09.18.2014
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
__________________
FORM 8-K
__________________
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the
Securities Exchange Act of 1934
Date of Report (Date of Earliest Event Reported): September 18, 2014
__________________
THE HOME DEPOT, INC.
(Exact Name of Registrant as Specified in Charter)
__________________
|
| | | | |
Delaware | | 1-8207 | | 95-3261426 |
(State or Other Jurisdiction of Incorporation) | | (Commission File Number) | | (IRS Employer Identification No.) |
2455 Paces Ferry Road, N.W., Atlanta, Georgia 30339
(Address of Principal Executive Offices) (Zip Code)
(770) 433-8211
(Registrant’s Telephone Number, Including Area Code)
Not Applicable
(Former Name or Former Address, if Changed Since Last Report)
__________________
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2 below):
¨ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
¨ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
¨ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
¨ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))
| |
Item 7.01. | Regulation FD Disclosure. |
In connection with the update on its data breach discussed in Item 8.01 below, on September 18, 2014, The Home Depot, Inc. said that its fiscal third quarter sales, including sales in September, are on plan and provided updated guidance. Based on its fiscal third quarter results to date, the Company confirmed its previous fiscal 2014 sales growth guidance of approximately 4.8 percent. The Company also revised its fiscal 2014 diluted earnings-per-share growth guidance and expects that fiscal 2014 diluted earnings per share will grow by 21 percent to approximately $4.54, versus the Company's prior guidance of $4.52.
The Company's fiscal 2014 diluted earnings-per-share guidance includes estimates for the cost to investigate the data breach, provide credit monitoring services to its customers, increase call center staffing, and pay legal and professional services, all of which are expensed as incurred in a gross amount of approximately $62 million, partially offset by a $27 million receivable for costs the Company believes are reimbursable and probable of recovery under its insurance coverage. Further, the Company's fiscal 2014 diluted earnings-per-share guidance includes a pre-tax gain of approximately $100 million related to the sale of 3.6 million shares of the common stock of HD Supply Holdings, Inc. ("HD Supply"), which occurred and will be recognized in the third quarter of fiscal 2014. The Company's ownership of HD Supply is now approximately 8.2 million shares.
The Company's fiscal 2014 diluted earnings-per-share guidance does not include an accrual for other yet-to-be determined estimated probable losses related to the breach. At this time, other than the breach-related costs contained in the Company's updated fiscal 2014 diluted earnings-per-share guidance, the Company is not able to estimate the costs, or a range of costs, related to the breach. Costs related to the breach may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs; liabilities related to the Company's private label credit card fraud and card reissuance; liabilities from current and future civil litigation, governmental investigations and enforcement proceedings; future expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities. Those costs may have a material adverse effect on The Home Depot's financial results in the fourth quarter and/or future periods.
The information contained in this Item 7.01 is being furnished and shall not be deemed filed for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, or otherwise subject to the liabilities of Section 18. Furthermore, the information contained in this Item 7.01 shall not be deemed to be incorporated by reference into any registration statement or other document filed pursuant to the Securities Act of 1933, as amended.
On September 18, 2014, The Home Depot®, the world's largest home improvement retailer, confirmed that the malware used in its recent breach has been eliminated from its U.S. and Canadian networks. The Company also has completed a major payment security project that provides enhanced encryption of payment data at point of sale in the Company's U.S. stores, offering significant new protection for customers. Roll-out of enhanced encryption to Canadian stores will be complete by early 2015. Canadian stores are already enabled with EMV "Chip and PIN" technology.
Investigation Details
The investigation into a possible breach began on Tuesday morning, September 2, immediately after The Home Depot received reports from its banking partners and law enforcement that criminals may have breached its systems.
Since then, the Company's IT security team has been working around the clock with leading IT security firms, its banking partners and the Secret Service to rapidly gather facts, resolve the problem and provide information to customers.
The Company's ongoing investigation has determined the following:
| |
• | Criminals used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks, according to Home Depot's security partners. |
| |
• | The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards. |
| |
• | The malware is believed to have been present between April and September 2014. |
To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the Company quickly put in place other security enhancements. The hackers' method of entry has been closed off, the malware has been eliminated from the Company's systems, and the Company has rolled out enhanced encryption of payment data to all U.S. stores.
There is no evidence that debit PIN numbers were compromised or that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com or HomeDepot.ca.
The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on.
Payment Security Enhancements
The Company's new payment security protection locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers. Home Depot's new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms.
The encryption project was launched in January 2014. The rollout was completed in all U.S. stores on Saturday, September 13, 2014. The rollout to Canadian stores will be completed by early 2015.
EMV "Chip and PIN" technology, which began rolling out in early 2013 and already exists in Canadian stores, will be deployed to all U.S. stores by the end of the year, well ahead of a 2015 deadline established by the payments industry.
These projects required writing tens of thousands of lines of new software code and deploying nearly 85,000 new pin pads to stores.
Certain statements contained in this Form 8-K constitute "forward-looking statements" as defined in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are based on the Company's current assumptions and expectations (which may change) and may relate to, among other things, (a) the impact of the breach on the Company's results of operations, including (i) costs related to the breach (including any costs not currently reflected in the Company's guidance), the related ongoing investigation and resulting liabilities, (ii) the outcome of the Company's ongoing investigation, including the potential discovery of new information related to the breach, such as the discovery that additional information has been stolen, and customers' and other stakeholders' reaction to that new information, (iii) the Company's ability to recover any proceeds under its insurance policies, (iv) the uncertainty regarding the outcome of any current or future civil litigation, governmental investigations and enforcement proceedings, and their impact on the Company's financial performance and operations, (v) loss of customer confidence in the Company's ability to protect their information and the adverse impact this loss of confidence may have on sales, and (vi) the Company's ability to effectively or timely implement adequate payment security enhancements and other remediation efforts and the Company's potential inability to prevent future attacks; (b) the demand for the Company's products, services and credit offerings; (c) net sales growth; (d) comparable store sales; (e) state of the credit markets; (f) continuation of share repurchase programs at previously announced levels; (g) net earnings performance; (h) earnings per share; (i) guidance for fiscal 2014 and beyond; and (j) financial outlook. Forward-looking statements are based on currently available information and the Company's current assumptions, expectations and projections about future events. You should not rely on the Company's forward-looking statements. These statements are not guarantees of future performance and are subject to future events, risks and uncertainties – many of which are beyond the Company's control or are currently unknown to the Company – as well
as potentially inaccurate assumptions that could cause actual results to differ materially from the Company's expectations and projections. These risks and uncertainties include but are not limited to those described in Item 1A, “Risk Factors,” and elsewhere in the Company's Annual Report on Form 10-K for its fiscal year ended February 2, 2014, in its subsequent Quarterly Reports on Form 10-Q and in any other materials or reports it files with the Securities and Exchange Commission (the "SEC").
Forward-looking statements speak only as of the date they are made, and the Company does not undertake to update these statements other than as required by law. You are advised, however, to review any further disclosures the Company makes on related subjects in its periodic filings with the SEC.
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
|
| | |
| | |
| THE HOME DEPOT, INC. |
| | |
| By: | /s/ Teresa Wynn Roseborough |
| Name: | Teresa Wynn Roseborough |
| Title: | Executive Vice President, General Counsel & Corporate Secretary |
Date: September 18, 2014