By now, everyone has heard of the Target data breach originally published by KrebsOnSecurity. Until mere hours ago, Target vehemently denied that PINS were stolen with customer’s credit card numbers. Now, after being outed by one of their own, they are finally owning up to the true gravity of the situation. With the added information that PINS were stolen as well, it’s clear the breach is much deeper than originally thought. Lately, people are starting to vent their anger, online.

I too, was an frustrated Target customer, but not because of the breach in itself, (things happen, especially with cyber security.) I was more concerned that I wasn’t told in a timely fashion and with Target’s original denial that PINS were not stolen as industry experts spoke the opposite. Then, I was shocked at the crisis management, (or lack thereof,) that happened. This to me, shows defunct leadership, and the ability to be agile in times of crisis.

It wasn’t until I called the number that Target set-up to handle the overflow of calls, that I started to vent my concern. The number, was simply set-up to give consumers the original number that remains on the back of ANY Target debit or credit card. They were unable to answer any questions related to an account and were there simply as triage. After 2 hours, I got through and politely asked for a new card only to be told I would have to call the number on the back of my Target card. Target’s original statement was that consumers need not to call or receive a new card, unless their data was already stolen, nor was Target recommending guests call their banks. As a security writer, this didn’t sit well with me. If data was stolen from debit cards AND Target cards, I needed to secure both and break the connection between the two, immediately. In fact, my bank, Wells Fargo, recommended I get a new card, immediately, whether or not my card was used fraudulently.

“If a guest looks at their credit or debit account and sees charges they did not make, they should contact us at 1-866-852-8680. Otherwise they do not need to call.” (pressroom.target.com, Dec. 21. 2013.) 

Other banks in return, were issuing new cards for their customers, simply because it would protect both against the fraud. Target, simply stated to, “look at statements.” Maybe I’ve come to expect more of Target, or maybe I’m still baffled as to how one of Minnesota’s greatest companies could handle a data breach so poorly. It was almost a P.R. case study for what NOT to do. By remaining quiet until the last possible minute about the breach and ignoring customer’s questions on Facebook and Twitter, they hurt potential relationships and trust. By refusing to admit the PINs were stolen, Target solidified a message of either, “We actually have no idea what happened,” or even worse, “We know, but don’t believe you need to hear the truth until we have to tell you.” Truly, either way is not what we’re used to, from such a forward-thinking retailer.

It answers the age-old question, “Target or Walmart, are they both the same?” I’ve often thought, (since I had an insider’s perspective, sitting on Target’s Risk Management steering committee for over a year,) the only difference between all the retailers, is P.R.

Simply put, Target has been perceived better because of transparent and authentic values and a commitment to the community, while Walmart hasn’t found out how to correctly state their community investment, (if one exists.) Between most big-box retailers, I always considered Target the knowledgeable big sister who guides and lays the groundwork for others to follow. Unfortunately, I’m starting to realize, when executives are stuck in red tape and minutiae of poor planning in crisis events, everyone can be created equal. I’ve still not heard why my own replaced debit card had my zip code on my name line. Must be a mystery, too. I can’t even imagine holding for another 2 hours to fix this. Plus, why is my zip code near my name? Weren’t hackers utilizing zipcodes to look up the cards to begin with?

 

Target has time to fix this. In fact, while walking through the aisles with John on their 10% off weekend, I mentioned, “Why is there not a few trained individuals at each store to answer questions about the breach, what customers should do and rally the troops to protect brand image?” I thought it would be a fantastic idea to print safety reminders on customer receipts and have a small hand-out or booklet ready to help alleviate concern or frustration. For goodness’ sake, become a hero, don’t be the villian.

What a rare opportunity to TEACH and create advocates for Target’s brand, this all could be. Certainly, that would continue the trend of Target always being ahead of the curve, or perhaps, I just want to believe that my red happy place, couldn’t stoop to such a sub-par level of customer service and brand perception. I’ve been wrong before, but I’m hoping they are just late on the cause.