COMMITMENTS AND CONTINGENCIES

At January 29, 2017, the Company was contingently liable for approximately $473 million under outstanding letters of credit and open accounts issued for certain business transactions, including insurance programs, trade contracts and construction contracts. The Company’s letters of credit are primarily performance-based and are not based on changes in variable components, a liability or an equity security of the other party.

In addition to the Data Breach described below, the Company is involved in litigation arising from the normal course of business. In management’s opinion, this litigation is not expected to have a material adverse effect on the Company’s consolidated financial condition, results of operations or cash flows.

Data Breach

As previously reported, in the third quarter of fiscal 2014, the Company confirmed that its payment data systems were breached, which potentially impacted customers who used payment cards at self-checkout systems in the Company’s U.S. and Canadian stores (the "Data Breach"). The Data Breach resulted in a number of claims against the Company, the majority of which have been finally or preliminarily resolved, as follows.

Payment Card Networks. The four major payment card networks made claims against the Company for costs that they assert they or their issuing banks incurred in connection with the Data Breach. The Company entered into settlement agreements with all four networks in fiscal 2015.

Customer Class Actions. A number of putative class actions were filed in the U.S. and Canada on behalf of customers allegedly harmed by the Data Breach. In the third quarter of fiscal 2016, the respective courts approved settlement agreements that resolved and dismissed all of these claims.

Financial Institution Class Actions. A number of putative class actions were filed in the U.S. on behalf of financial institutions allegedly harmed by the Data Breach. In the first quarter of fiscal 2017, the Company agreed to settlement terms that, upon approval of the court, will resolve and dismiss the claims asserted in those actions.

The Company previously recorded accruals for estimated probable losses in connection with the matters described above. While the Company’s estimates may change as new information becomes available, it does not believe any adjustments to the accruals will be material.

Pending Matters. Two purported shareholder derivative actions, which were consolidated into a single complaint, were filed against the Company, as a nominal defendant, and certain present and former members of the Company’s Board of Directors and executive officers. In the fourth quarter of fiscal 2016, the court granted the defendants’ motion to dismiss the complaint. The shareholders appealed the dismissal to the Eleventh Circuit Court of Appeals. In addition, a group of State Attorneys General is investigating events related to the Data Breach, including how it occurred, its consequences and the Company’s responses. The Company is cooperating in this investigation.

While losses from these pending matters are reasonably possible, the Company is not able to estimate the costs, or range of costs, related to these matters. The Company will continue to evaluate information as it becomes known and will record an estimate for losses at the time or times when it is both probable that a loss has been incurred and the amount of the loss is reasonably estimable. The Company does not believe that the ultimate amount paid on these pending matters will have a material adverse effect on the Company’s consolidated financial condition, results of operations or cash flows in future periods.

Expenses Incurred and Amounts Accrued

In fiscal 2016, the Company recorded $37 million of pretax expenses related to the Data Breach. The Company did not record any related expected insurance proceeds in fiscal 2016. Since the Data Breach occurred, the Company has recorded $298 million of pretax gross expenses related to the Data Breach, partially offset by $100 million of expected insurance proceeds, for pretax net expenses of $198 million. These expenses include costs to investigate and respond to the Data Breach and pay legal and other professional services, all of which were expensed as incurred. Expenses also include the accruals for estimated probable losses that the Company has incurred or expects to incur in connection with the Data Breach as of the end of fiscal 2016. These expenses are included in SG&A expenses in the accompanying Consolidated Statements of Earnings.

At January 29, 2017, accrued liabilities and insurance receivable related to the Data Breach consisted of the following (amounts in millions):



	Accrued Liabilities			Insurance Receivable
(Expenses incurred) insurance receivable recorded in fiscal 2014	$	(63	)	$	30
Payments made (received) in fiscal 2014	51			(10		)
Balance at February 1, 2015	(12		)	20
(Expenses incurred) insurance receivable recorded in fiscal 2015	(198		)	70
Payments made (received) in fiscal 2015	176			(20		)
Balance at January 31, 2016	(34		)	70
(Expenses incurred) insurance receivable recorded in fiscal 2016	(37		)	—
Payments made (received) in fiscal 2016	39			(50		)
Balance at January 29, 2017	$	(32	)	$	20

Future Costs

The Company also expects to incur additional legal and other professional services expenses associated with the Data Breach in future periods and will recognize these expenses as services are received. The Company does not believe that the ultimate amount paid for these services will have a material adverse effect on the Company’s consolidated financial condition, results of operations or cash flows in future periods.

Insurance Coverage

The Company maintained $100 million of network security and privacy liability insurance coverage in fiscal 2014, above a $7.5 million deductible, to limit the Company’s exposure to losses such as those related to the Data Breach. As of January 29, 2017, the Company had received initial payments totaling $80 million of insurance reimbursements under the fiscal 2014 policy, and expects to receive additional payments. The Company maintained $100 million of network security and privacy liability insurance coverage in fiscal 2015 and 2016, above a $10 million deductible, to limit the Company’s exposure to similar losses. In the first quarter of fiscal 2017, the Company entered into a new policy, with $100 million of network security and privacy liability insurance coverage above a $10 million deductible, to limit the Company’s exposure to similar losses.