The phrase “massive data breach” is the last thing any retailer wants to see their name associated with, but when bad things happen to good retailers Target's response to the situation is a blueprint for other retailers.
Target will be dealing with the fallout for months, if not years, from the data breach which occurred during the holidays and affected some 40 million credit and debit customers. Lost sales, lawsuits, negative publicity and a sullied reputation are just a few of the consequences. However, if there is a silver lining to the situation it has been the manner in which the company communicated with customers to calm their fears and minimize the negative effects of the breach on the business.
The company proactively communicated with customers to provide assurances to those who were, or still are, understandably anxious about the situation. For starters, the company took the extreme and margins-killing measure of offering a 10% discount during one of the holiday seasons busiest weekends. The retailer’s home page also featured the alert, “Important notice: unauthorized access to payment card data in U.S. stores,” for longer than was probably necessary even after the matter was resolved. That warning linked to a separate landing page where, importantly, the company shared extensive information and put a human face on the situation. A large photo showing dozens of executives sitting around a horseshoe-shaped table discussing the data breach let those who visited the page know that real people were taking the matter seriously.
In addition, the company featured a large photo of Target president, CEO and chairman Gregg Steinhafel along with a message in English and Spanish that first appeared in a letter dated December 20. There was also a series of video messages from Steinhafel discussing various topics.
Whenever a data breach occurs, those affected understandably have a lot of questions so Target offered an extensive frequently asked questions section. However, it did so in a way that was clear and plain spoken and didn’t sound like it was written by lawyers even if it was. For example, “How could Target let all this credit and debit card information get accessed?”
Good question. IT professionals, Target executives, law enforcement officials and lawyers will be probing that one for some time. In the meantime, other retailers should be saying, “there but for the grace of God go I,” and paying close attention to Target’s disaster response strategies because in all likelihood it will be a matter of when, not if, another retailer finds themselves coping with a data breach.