Some criticize Target's response to breach as too slow
December 20, 2013 11:40 PM
Dan Henry/Chattanooga Times Free Press
A shopper at Target
By Teresa F. Lindeman / Pittsburgh Post-Gazette
Susan Price estimated she called the Target hotline 40 times on Friday morning, trying to get information on the credit and debit card breach that the mass merchant confirmed this week affected as many as 40 million accounts during the holiday shopping season.
When she finally got through, the pre-recorded message referred her to a Web address: http ... forward slash, forward slash ... and so on.
"They talk so fast," said Ms. Price, an Indiana Township resident who was trying to change her Target Red Card just to reduce the chance that any hackers who might have accessed the data would be able to use it. Earlier, she'd arranged to have her PNC card changed because she knew it had been used at Target between Nov. 27 and Sunday.
It's hard to deny the Minneapolis retailer is not having its best week. That started when it figured out on Sunday that information on transactions in all of its U.S. stores had been accessed for weeks. Online transactions were not affected. The company said it quickly brought in law enforcement.
But the retailer didn't reveal the breach to consumers until after the news began to leak out and even then it didn't share a lot of information, beyond that the problem affected all types of credit and debit cards used in a U.S. Target store. The company's home page on the Web didn't mention the problem -- online users had to go deeper in -- and happy Target holiday ads continued to show on television. It seemed to be business as usual.
Meanwhile, shoppers posted thousands of comments on the retailer's Facebook page -- calling for everything from a mass reissuance of Target Red Cards to adding enough staff so that people didn't get busy signals on the hotline -- even as worried customers contacted their banks for advice on what to do to avoid becoming victims of fraud.
"We don't know everything and we never will," said Marc Jampole, principal at Downtown marketing firm Jampole Communications. "But their approach has not been aggressive, has not been interactive. I think it's the wrong approach."
Mr. Jampole, who has advised many companies on crisis communications, speculated that Target officials may have seen their issue as another in a long line of security breaches that would worry consumers, yet would not become the major news story that it has. But the chain is among the largest retailers in the country and this problem arrived at the peak of the Christmas shopping season.
Certainly area banks have taken note of the alarm raised by the news. On Friday, the Citizens Bank website had a note right up front about the Target issue. "As always, Citizens Bank is monitoring customer accounts for unusual activity and is available to help customers 24 hours a day, seven days a week," the website message said.
On the Dollar Bank website, there was a similar reassuring message. "We are aware of the credit and debit card compromise that occurred with Target. Dollar Bank always monitors credit and debit card activity to determine at any time if fraud occurs on your account," it said, going on to encourage customers to monitor their accounts as well.
PNC spokesman Marcey Zwiebel said the bank had been hearing from customers, but had received few reports of fraud. "Some customers have asked if they need to replace their cards," she said. "We are advising them that unless they are seeing unauthorized transactions on their account, there is no need to replace their card at this time."
Target should have put a message on its home page, too, in Mr. Jampole's opinion. He also would have liked to see the company lay out simple steps that customers should take and share that information in as many places as possible, from the website to advertising and so on.
Busy signals and recorded answers on a hotline didn't impress him. "I'd have hired a lot of people to answer phone calls."
On Friday, Target did post a message from CEO Gregg Steinhafel on its blog, saying that the retailer will contact its customers soon to explain free credit monitoring services that it will provide, a common practice in such situations.
He also said the long wait times that people have been experiencing at the call center and on its website were "unacceptable," and said the company was working to improve the situation.
To ease the pain, Mr. Steinhafel's post said, "We're in this together, and in that spirit, we are extending a 10 percent discount -- the same amount our team members receive -- to guests who shop in U.S. stores on Dec. 21 and 22."
Time will tell how significant a hit the incident will be to Target's reputation and sales. Bad events don't necessarily trigger a loss of reputation, said Nir Kossovsky, chief executive of Steel City Re, a Downtown-based insurer of corporate reputational value.
The impact will depend on whether customers believe the company took reasonable actions and whether they hold the hackers, rather than Target, culpable for the breach, he said.
"Bad news headlines sting, but it's only a reputation problem if people behave differently because of it," said Jonathan Salem Baskin, managing director at Consensiv, a reputation management firm in Chicago.
"There's no indication that shoppers are avoiding the chain, and experts already considered Target a leader in data security, so it's unlikely it will be punished for an all-but unforeseeable event."
Mr. Jampole agreed that Target probably won't lose a lot of customers over the incident but it does mean more will be wary. "As long as they don't make another big mistake, they're going to be OK," he said.
Target shares fell $1.40 per share on Thursday to close at $62.15, but on Friday they regained 34 cents to close at $62.49.
Meanwhile, Ms. Price felt this kind of problem could happen to any company but she wasn't taking any chances with her cards.
She finally was able to make changes to her Red Card account at rcam.target.com, which allowed her to cancel her family's existing card and order two more. They're expected to arrive in seven to 10 days.