Target And The Lesson Of Data Breach

May 5, 2014

Target And The Lesson Of Data Breach

The news today that Target Chairman, CEO, and President Gregg Steinhafel is leaving the company, surprised precisely nobody. Indeed, his fate was sealed months ago following the company’s disastrous data breach that exposed more than 100 million customers to the theft of their credit card data and personal information.

Along with lackluster performance and other criticism, Steinhafel presided over a deadly trifecta – he lost the confidence of his customers, investors and board members. To paraphrase, “survival was not an option.”

As in all customer-focused relationships reputation and trust is everything. In 2014, there is no shortage of competition in the traditional retail sector – and not to mention the lurking presence of Amazon and others who continually seek ways to cut the brick-and-mortar competition out of the equation entirely.

For Target, its response to the data breach, which began in November 2013, crystallized the case for new management. As the company and the public are now painfully aware, at least 40 million payment card numbers and 70 million other pieces of customer data were stolen. Bad enough that Target was notified by the very outside experts it hired to alert the company to just such an intrusion, and then ignored the warning – but even when the scope of the breach was discovered internally, customer notifications were severely delayed.

Bloomberg put it succinctly: “In March, Target told a Senate panel that it had clues about the attack weeks before responding and was exploring why it took so long to react. Sometime after intruders entered Target’s systems on Nov. 12, their activities were detected and evaluated by security professionals, according to remarks [by then CFO and now acting CEO John] Mulligan submitted to the panel. The company was later alerted to suspicious activity by the U.S. Justice Department, leading to an internal investigation that confirmed a breach on Dec. 15.”

Coupled with the company’s subsequent commentary that lacked any compassion for its customers who were harmed, Target learned the hard way that the fundamental rules of crisis communications continue to apply:

1) control your own narrative and tell as much of the story as soon as you can, lest your opponents do so;

2) recognize that the protection of your customer’s financial information and personal data is your responsibility and any violation of it should be met with compassion, clarity, understanding, and resolve – and not dense or heavily nuanced statements; and

3) do not let the story get away from you, so if it continues to evolve take advantage of the opportunity to be the source of information and drive the narrative (instead of being driven by it).

Under Steinhafel’s leadership Target’s failure on all three of these points led it to become an isolated entity that was increasingly abandoned by its customers – a forcing event that likely moved the board to action. In the absence of any proactive communications to rebuild its tattered relationships, the company perpetuated its own negative perception.

Enemies and antagonists abound and they will continue their systemic, organized, and (sadly) profitable efforts to commit crimes and steal identities. In response, companies are now fairly warned that they (via their stock price) and their leaders will be held accountable – and will pay the price for anything less than robust vigilance and straight talk.

Slide Up


Written by clsdcadmin On the

Have a question? Interested in working with us?

We would love to hear from you. Fill out the form and let us know how we can help.

We usually reply within a few business days. Call us at 202-289-5900 if the matter is urgent.

1717 K Street NW, Suite 900, Washington, DC 20006

Directions to CLS

Get Directions 1717 K Street NW, Suite 900 Washington, DC 20006 ×