(Reuters) — Target Corp.'s net profit almost halved in the holiday quarter as the third-largest U.S. retailer dealt with the fallout of a massive data breach and warned that costs related to the event could hurt future profits.

Target incurred $61 million in expenses related to the breach during the quarter, but those costs were offset by a $44 million insurance payment, bringing down the impact to $17 million. The retailer said it has not been able to estimate future expenses related to the data breach.

Wednesday marks the first time the Minneapolis-based retailer faces Wall Street since the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records with information such as addresses and phone numbers of shoppers compromised.

“These costs may have a material adverse effect on Target's results” in the current quarter, the year and future periods, it warned investors on Wednesday.

Net earnings fell to $520 million in the three months that ended on Feb. 1, from $961 million a year earlier.

Sales fell 3.8% to $21.52 billion, missing the already lowered estimate of $22.37 billion, according to Thomson Reuters. Same-store sales, or sales at U.S. stores open at least a year, fell 2.5%.

The data breach “took the wind out of Target's sails and unfortunately sales,” said Sandy Skrovan, U.S. research director at Planet Retail.

%%BREAK%%

The retailer already had lowered expectations for the fourth quarter. News of the breach has hurt its reputation and stock, and made many on Wall Street take down their profit and sales estimates on Target.

Mark Rasch, a former cyber crimes prosecutor who worked on some of the biggest U.S. payment card breach cases, said that it was too early to estimate how big the bill would be, but it would certainly be in the hundreds of millions of dollars and could top $1 billion. “We know it is going to be big. We just don't know how big,” he said.

Representatives for Target have declined to discuss exactly what sorts of costs its cyber insurance will cover or identify its insurers.

Large corporations typically obtain cyber insurance from multiple carriers, who share the risk, sometimes requiring the carrier to pay some expenses as well before the policies reach their maximum.

Insurers offer cyber policies that cover costs for items such as investigating breaches and repairing networks, compensating credit card issuers for fraudulent activity, fighting lawsuits and responding to regulatory probes.

Target said on Wednesday it may have to incur costs tied to reissuing cards, lawsuits, governmental investigations and enforcement proceedings, legal expenses, investigative and consulting fees, and capital investments, among other things.