COMMITMENTS AND CONTINGENCIES

At January 31, 2016, the Company was contingently liable for approximately $422 million under outstanding letters of credit and open accounts issued for certain business transactions, including insurance programs, trade contracts and construction contracts. The Company’s letters of credit are primarily performance-based and are not based on changes in variable components, a liability or an equity security of the other party.

In addition to the Data Breach described below, the Company is involved in litigation arising from the normal course of business. In management’s opinion, this litigation is not expected to have a material adverse effect on the Company’s consolidated financial condition, results of operations or cash flows.

Data Breach

As previously reported, in the third quarter of fiscal 2014, the Company confirmed that its payment data systems were breached, which potentially impacted customers who used payment cards at self-checkout systems in the Company’s U.S. and Canadian stores (the "Data Breach").

Litigation, Claims and Government Investigations

In the second quarter of fiscal 2015, the payment card networks made claims against the Company for costs that they assert they or their issuing banks incurred in connection with the Data Breach, including incremental counterfeit fraud losses and non-ordinary course operating expenses (such as card reissuance costs), and the Company recorded an accrual for estimated probable losses it expected to incur in connection with those claims. In the third and fourth quarters of fiscal 2015, the Company entered into settlement agreements with American Express, Discover, MasterCard and Visa with respect to their claims.

In addition, at least 57 putative class actions have been filed in courts in the U.S. and Canada allegedly arising from the Data Breach. The U.S. class actions have been consolidated for pre-trial proceedings in the United States District Court for the Northern District of Georgia (the "District Court"). That court ordered that the individual class actions be administratively closed in favor of the filing of consolidated class action complaints on behalf of customers and financial institutions allegedly harmed by the Data Breach. In the third quarter of fiscal 2015, the Company recorded an accrual for estimated probable losses that it expects to incur in connection with the U.S. customer class actions. In the fourth quarter of fiscal 2015, the Company agreed in principle to settlement terms that, upon approval of the District Court, will resolve and dismiss the claims asserted in the U.S. customer class actions.

The accruals for estimated probable losses in connection with the payment card networks’ claims and the U.S. customer class actions are based on currently available information associated with those matters. These estimates may change as new information becomes available or circumstances change.

Other claims have been and may be asserted against the Company on behalf of customers, payment card issuing banks, shareholders or others seeking damages or other related relief allegedly arising from the Data Breach. In the third quarter of fiscal 2015, two purported shareholder derivative actions were filed in the District Court against certain present and former members of the Company’s Board of Directors and executive officers. The Company was also named as a nominal defendant in both suits, which together assert claims for breaches of fiduciary duty, waste of corporate assets and violations of the Securities Exchange Act of 1934. In the first quarter of fiscal 2016, the two actions were consolidated into a single derivative complaint. The complaint seeks unspecified damages, equitable relief to reform the Company’s corporate governance structure, restitution, disgorgement of profits, benefits and other compensation obtained by the defendants, and reasonable costs and expenses. In addition, several state and federal agencies, including State Attorneys General, are investigating events related to the Data Breach, including how it occurred, its consequences and the Company’s responses. The Company is cooperating in the governmental investigations, and the Company may be subject to fines or other obligations. While a loss from these matters, including the Canadian class actions and the U.S. financial institution class actions, is reasonably possible, the Company is not able to estimate the costs, or range of costs, related to these matters because the proceedings remain in the early stages, alleged damages have not been specified, there is uncertainty as to the likelihood of a class or classes being certified or the ultimate size of any class if certified, and there are significant factual and legal issues to be resolved. The Company has not concluded that a loss from these matters is probable; therefore, the Company has not recorded an accrual for litigation, claims and governmental investigations related to these matters in fiscal 2015. The Company will continue to evaluate information as it becomes known and will record an estimate for losses at the time or times when it is both probable that a loss has been incurred and the amount of the loss is reasonably estimable. The Company believes that the ultimate amount paid on these actions, claims and investigations could have an adverse effect on the Company’s consolidated financial condition, results of operations or cash flows in future periods.

Expenses Incurred and Amounts Accrued

In fiscal 2015, the Company recorded $198 million of pretax gross expenses related to the Data Breach, partially offset by $70 million of expected insurance proceeds, for pretax net expenses of $128 million. Since the Data Breach occurred, the Company has recorded $261 million of pretax gross expenses related to the Data Breach, partially offset by $100 million of expected insurance proceeds, for pretax net expenses of $161 million. These expenses include costs to investigate the Data Breach; provide identity protection services, including credit monitoring, to impacted customers; increase call center staffing; and pay legal and other professional services, all of which were expensed as incurred. Expenses also include the accruals for estimated probable losses that the Company has incurred or expects to incur in connection with the claims made by the payment card networks and the U.S. customer class actions. These expenses are included in SG&A expenses in the accompanying Consolidated Statements of Earnings.

At January 31, 2016, accrued liabilities and insurance receivable related to the Data Breach consisted of the following (amounts in millions):



	Accrued Liabilities			Insurance Receivable
(Expenses incurred) insurance receivable recorded in fiscal 2014	$	(63	)	$	30
Payments made (received) in fiscal 2014	51			(10		)
Balance at February 1, 2015	(12		)	20
(Expenses incurred) insurance receivable recorded in fiscal 2015	(198		)	70
Payments made (received) in fiscal 2015	176			(20		)
Balance at January 31, 2016	$	(34	)	$	70

Future Costs

The Company expects to incur additional legal and other professional services expenses associated with the Data Breach in future periods and will recognize these expenses as services are received. Costs related to the Data Breach that may be incurred in future periods may include additional liabilities to payment card networks and impacted customers; liabilities from current and future civil litigation, governmental investigations and enforcement proceedings; future expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities. The Company believes that the ultimate amount paid on these services and claims could have an adverse effect on the Company’s consolidated financial condition, results of operations or cash flows in future periods.

Insurance Coverage

The Company maintained $100 million of network security and privacy liability insurance coverage in fiscal 2014, above a $7.5 million deductible, to limit the Company’s exposure to losses such as those related to the Data Breach. As of January 31, 2016, the Company had received initial payments totaling $30 million of insurance reimbursements under the fiscal 2014 policy, and expects to receive additional payments. The Company maintained $100 million of network security and privacy liability insurance coverage in fiscal 2015, above a $10 million deductible, to limit the Company’s exposure to similar losses. In the first quarter of fiscal 2016, the Company entered into a new policy, with $100 million of network security and privacy liability insurance coverage, above a $10 million deductible, to limit the Company’s exposure to similar losses.