[Image of: RetailWire Logo and Tagline (for print)]


Online Selling Strategies
Social Marketing Campaigns
RR Donnelley:
In-Store Marketing
Enriching Customer Relationships

Would You Accept Target's Apology?

December 23, 2013

In a statement as well as a YouTube video, Target CEO Gregg Steinhafel apologized to customers who were affected by a massive data breach involving millions of credit and debit cards. A 10 percent discount was also offered to all customers this past weekend as well as free credit monitoring services to those impacted.

The message, delivered Friday after the stock market's close, came amid multiple reports that bogus credit cards were reaching the black market and financial institutions began placing restrictions on some cardholders.

"It was a crime against Target, our team members, and most importantly, our guests," Mr. Steinhafel said in a statement. "We want to emphasize that the issue has been addressed and let guests know they can shop with confidence at their local Target stores."

Mr. Steinhafel also apologized to guests who tried to reach Target via its website or call center while it faces "unprecedented call volume." Customers were assured they won't be held financially responsible for fraud on their cards. Target also said it had found no evidence that secret security PINs or codes had been exposed.

[Image: Target Apology]

But widespread media coverage continued amid reports that fraudulent cards were being sold in batches of a million, with some cards going for as low as $20 and some as much as $100.

On Saturday, JPMorgan Chase notified customers they would be limited to $100 in cash withdrawals and $300 in total purchases per day if they used Chase debit cards at Target during the security breach. Citibank said it would lower limits, block transactions and reissue cards for debit cardholders if it saw suspicious activity. Three class-action lawsuits were filed.

On Target's Facebook page, Target REDcard's website page's crashes and long phone call waits created fresh fodder for the many irate messages.

The question remained whether Target was negligent in missing the still-puzzling breach, as well as why they waited until Dec. 19, a day after a blogger broke the news, to reveal the hack attack.

The value of a 10 percent discount, which excludes video games, gift cards, and a few other items, amid holiday promotions was also questioned.

"With these data security breaches, there's usually the question of consumer confidence and trust," Daren M. Orzechowski, an intellectual property attorney with White & Case LLP, told USA Today. "They have to balance if they feel they need to do more to try to preserve consumer confidence."


Discussion Questions:

What do you think of the 10 percent discount and Target's other responses to the breach? What other steps could be taken to regain customers' trust?

While we value unfettered opinion, we urge you to show respect and courtesy for people or companies about whom you comment. Keep in mind that this is a public, professional business discussion. RetailWire reserves the right to edit or refuse the publication of remarks that we deem unsuitable. We may also correct for unintended spelling and grammatical errors.

Instant Poll:

How would you grade Target's response so far to its data breach?


It was a good thing for Target to offer these responses to the breach. This could have been any retailer in America and it appears to be on such a large scale that no one knows if anything could have prevented it. I do think Target will bounce back just as others have done in the past. Worst time of year to one of the best retailers is the real crime.

[Image of: View Braintrust Panelist button]
Frank Riso, Principal, Frank Riso Associates, LLC

Target went public too slowly, did not take the breech seriously enough, and was not prepared to handle customer concerns. All of these are much more important than a 10% discount.

Target should have announced the breech immediately, should have offered more thorough advice to consumers on how to monitor their accounts, added significantly more staff to handle customer questions, and should have been seen to be more on top of the situation.

All that said, I doubt this situation will have a long-term impact on Target's sales or way of doing business. Target and TJ Maxx should lead the call for US retailers to switch to pin and chip credit cards. They should actively communicate with consumers about credit card fraud and identity theft. Consumers should demand no less.

[Image of: View Braintrust Panelist button]
Max Goldberg, President, Max Goldberg & Associates

Target was not the first retailer to be breached and will not be the last. I think Target is following the handbook if there is one: apologize, offer credit monitoring, and discount. Full disclosure; I shopped during the breach and did enjoy the 10% discount on Saturday.

I'd like to comment on another aspect of the breach. I spoke with my local Target manager and he expressed to me the amount of angry customers he had to deal with because of the corporate 800# and website being down. Target should do something for the front-line associates whose otherwise stressful holiday has been ramped up with crazy customers thinking they personally stole the credit card information or were involved in its theft.

This is a crime against Target and the customers involved. Customers should remember that the front-line associates aren't writing the code that protects the data, they are stocking the shelves and checking you out and are most likely, one of your neighbors.

[Image of: View Braintrust Panelist button]
Robert DiPietro, GVP Product Strategy & Business Development, Affinion Group

WIMPY! Steinhafel categorized the 10% discount "...as a small way to say thank you." Small is right. Even JCP is offering better deals as part of its standard holiday pricing, as are many others.

Once again it sounds like the C-level big wigs don't get it. For that small minority of people that will be seriously impacted by this breach, it's an enormous burden upon them that 10% off or some data monitoring service will not address. Also, what about people that have been planning to do last minute holiday shopping to now be limited to $300/day expenditures on possibly breached cards? It's a big deal to them.

Clearly this is a case where heads must roll in IT and other departments that should have done better due diligence on their POS system. IMHO after such a meager gesture, Steinhafel needs to be ousted ASAP too.

[Image of: View Braintrust Panelist button]
Ken Lonyai, Digital Innovation Strategist, co-founder, ScreenPlay InterActive

I see this as something like a lightning strike that could just as well have hit any retailer. And I don't think any retailer could be expected to have infrastructure in place to handle anxious calls from 40 million cardholders all at once. The customers who will now be faced with credit card fraud/identity theft issues should be Target's top priority, and if I were Target I'd have put full financial resources against them rather than a 10% price cut, which almost seems desperate.

Because this is litigious America, people are going to seek a pound of flesh just because they sense there's opportunity to hit the jackpot. The only change I would have made with Target's response would have been forgoing the 10% discount, and throwing all resources possible against helping customers who have, or will be having, problems because of this data breach. I'd also be throwing a lot of money to Target's lawyers, preparing for the tsunami of lawsuits to come.

[Image of: View Braintrust Panelist button]
Warren Thayer, Editor & Managing Partner, Frozen & Refrigerated Buyer

The 10% discount is clearly just another way to get shoppers into Target. Much too transparent. The real issue is to give customers the confidence that they will have no liability. Emphasize that. Re-emphasize that and tell the customers that Target will guarantee that this breach doesn't lead to credit problems for customers. And if it does, they will solve the problem at whatever cost it takes.

By the way...does anyone else find the use of the word "guest" annoying? When I go to a store, I am not a guest, I am a customer and I want to be treated as a customer, which to me is a considerably higher level of service than a guest.

[Image of: View Braintrust Panelist button]
Gene Detroyer, Professor, Independent

I agree with everything that Max said. I would add that the duration of the security breach (from November 27th through December 15th) is a big part of the story. I'm no IT expert, but why and how did Target's systems allow this to go undetected for so long?

This should be a cautionary tale about how a "best in class" retailer deals effectively - or not so much - with a true crisis management situation. Retailers who have not developed their own contingency plans for this kind of event had better get to work.

[Image of: View Braintrust Panelist button]
Dick Seesel, Principal, Retailing In Focus LLC

Target should have gotten out in front of this aggressively. Coming clean with customers a day after a blogger broke the news is unconscionable.

Being upfront about the breach and making every effort to notify customers quickly, answer questions, and resolve issues should have been their number one priority. Doing so would have taken the punch out of the story for the press and it might not have ended up on page one.

Retailers need to understand that for the most part, their customers aren't fools and understand that with convenience comes risk. They also need to understand that their customers don't like to be fooled either.

[Image of: View Braintrust Panelist button]
Marge Laney, President, Alert Technologies, Inc.

I was in a local Target on Saturday where I ran into friends who said they were at the store after receiving the apology email from Mr. Steinhafel. Personally speaking, the 10 percent discount on top of the five percent I already get from using the REDcard plus additional savings from coupons on the retailer's site and those through its Cartwheel program made the shopping visit very enjoyable. In short: apology accepted.

[Image of: View Staff button]
George Anderson, Editor-in-Chief/Associate Publisher, RetailWire LLC

It's a major headache for Target, affected customers, associates, and banks. And, it's not directly Target's fault - they are right that criminals did this and need to be caught and prosecuted. And, card technology needs to change to prevent future issues, which is a problem much bigger than Target. Target is a well run retailer and will get through this and shoppers will come back, and already are. But, it is a short-term hit at a critical time of the year and they were not ready for something like this, from a tech, PR, or social media standpoint.

[Image of: View Staff button]
Al McClain, CEO, Founder, RetailWire.com

I hope the execs at Target realize this is not a job for the PR department - this is a data breach announced at the peak of the holiday shopping and retailers are going to have to address the real issue here.

A criminal act occurred resulting in customers having their bank account being wiped out during this holiday peak season. In addition, there is real immediate fallout including the limiting of credit card spending amounts by JP Morgan.

Many said this will blow over and Target will resume to business as usual. We are seeing repercussions and I do not believe this will blow over. The days of storing unencrypted cardholder information, magnetic stripe cards and external payment processing machines are coming to an end.

There is no way we are going to see current payment processing practices continue as usual in 2014 and I believe the government will intervene if the retail industry cannot self-regulate after so many data breaches.

Ed Dunn, Founder, (Stealth Operation)

Let's face it, Target blew it and so has the credit card industry. It is time that the US issuers of credit cards put in the same protection and verification system that is used over most of the rest of the world.

[Image of: View Braintrust Panelist button]
Mel Kleiman, President, Humetrics

Target did right by stepping up and being forthright so quickly after the problem became apparent. For that I applaud them. I used a credit card there once during the holidays. I check the account daily. For that I do not applaud them. Sales have to have taken a hit since the incident became public.

[Image of: View Braintrust Panelist button]
Ed Rosenbaum, CEO, The Customer Service Rainmaker, Rainmaker Solutions

This is definitely a short term hit at the worst time of the year. Offering a 10% discount for customers who shopped after the breach does not necessarily help those who had their credit cards breached. Is 10% worth the possibility of having a problem with your credit card? Is a statement saying you are safe shopping at Target reassuring when customers thought they were safe shopping during the breach period? Going such a long time without learning about the breach is problematic. However, long term, Target should be fine. The short term will sting.

[Image of: View Braintrust Panelist button]
Camille P. Schuster, Ph.D., President, Global Collaborations, Inc.

This could have happened to almost any large retailer in the U.S. Now that it has, others will harden their defenses even more and the criminal will develop new ways to defeat them.

I agree with all those that stated Target should have moved faster, but they may have not been prepared with a plan for this type of issue. Now other retailers will have their teams developing a crisis plan for this type of attack. Also agree that a 10% discount is really not a big deal when everyone around you is shouting 25% to 50% off.

We can all throw stones at Target's lack of ability to handle the deluge of inquiries by phone or over the web, but who would be prepared for that level of volume? The fallout will be a lack of customer's trust and a huge legal and damages bill.

[Image of: View Braintrust Panelist button]
Steve Montgomery, President, b2b Solutions, LLC

Too little, too late and - worse yet - it misses the point. People aren't looking for a discount, they are looking for security.

Better to indemnify everyone for any losses and focus on creating a hack-resistant system.

Yes, this could have happened to any retailer, but it happened to Target, so Target had better find a better way to respond.

[Image of: View Braintrust Panelist button]
Ryan Mathews, Founder, ceo, Black Monk Consulting

I think the root problem is that they really don't know the extent of the damage yet, and that's far more worrisome than the apology.

The lack of proactivity on canceling stolen cards tells me it's not all clear yet. And that's a problem.

[Image of: View Braintrust Panelist button]
Paula Rosenblum, Managing Partner, RSR Research

Target's 10% was a nice offer, but it didn't go to all of Target's REDcard customers. A bummer and not a trust builder. Still their stores were jammed. Target does have a good relationship with their customers.

"Show me the money" and I'll continue to love you, Target. But anything that reflects as a "wallet extraction" gimmick from Target - or our elected friends in Washington - is not a trust builder.

[Image of: View Braintrust Panelist button]
Gene Hoffman, President/CEO, Corporate Strategies International

I wonder if Target can take advanage of this "opportunity" as a way to move ahead of the competition when it comes to protecting consumer's data. It's only a matter of time before another retailer gets hit with the same type of breach. Look to Europe to see if "Chip and Pin" is an option. Better than offering a discount, they should offer all those impacted by the attack a free one year's membership to Life Lock.

Robert Swan, Account Manager, Menasha

I think the tactics Target has executed thus far are not very focused on the customers affected by the security breach. Instead of offering something truly special that serves as an apology to the customers affected (the card holders), Target gave all shoppers a 10% discount. There's no way that could have been a campaign they were going to launch prior to last few days before Christmas. I'm sure that this was meant to gain Target some additional good will PR at a low cost to the company, but the core customer was treated just as everyone else who was not affected.

(Side note: It really is time for retailers to treat each customer as an individual. The technology exists and companies are using it for other purposes already. Target can use analytics to determine which customers are pregnant based on purchase history. Surely they can determine which of their customers have REDcards.)

Target could have created a truly special customer care campaign to apologize to each REDcard customer and then have offered some sort of discount/coupon/event to the affected cardholders - aka the ones that use the REDcard, spend the most, and are that are their best customers. 10% off everything to everyone, really? Instances like this erode the company brand and have negative long-term repercussions.

[Image of: View Braintrust Panelist button]
Larry Negrich, Vice President, Marketing, nGage Labs

The 10% discount was never communicated to me - and I made AmEx and REDcard purchases during that period using those credit cards. I did get through to American Express - they were not pushing me to get a new card/number. Told me I was not responsible for any fraudulent purchases - I told them I knew that, was trying to protect them, not me. Not surprising that the vultures dba class action attorneys are already at work. I would be interested in knowing how this happened - these crooks couldn't have physically put that software on thousands of individual card scanners at POS.


I shopped at an extremely busy Target yesterday along with thousands of my closest friends. Apology apparently accepted.

[Image of: View Braintrust Panelist button]
Mark Heckman, Principal, Mark Heckman Consulting

The YouTube video is closed to comments. That tells us something negative is happening. Overall, very poorly done. Target CEO offers 10% as a "thank you" but does not put the 10% discount offer into context of an apology, and does not advise remedial actions to prevent further risk of credit card data to its customers.


Everyone else has commented on the discount and Target's delayed response. I am not sure whether Target was at fault on the late notice to customers or the authorities were working behind the scenes and did not want to warn the cyber criminals. In any case the bigger issue here is what do the people responsible (Banks, Credit Card companies like AMEX etc.) do to stay ahead of the criminal element that can hack into these systems. Several Cards now have chips that offer more security, however, all hands must be on deck, especially law enforcement, to thwart these people who can rob the equivalent of thousands of banks at one time!

[Image of: View Braintrust Panelist button]
J. Peter Deeb, Managing Partner, Deeb MacDonald & Associates, L.L.C.

Sounds like the Affordable Care Act crisis, crashing web site, and phone lines. It is a mess, and it will pass, so Target can recover over time. Cyber hacking will continue to be a problem, as the electronic payments on line will always be vulnerable to the thieves who make a great living out of this.

[Image of: View Braintrust Panelist button]
Tony Orlando, Owner, Tony O's Supermarket & Catering

Yes, I accept their apology. No, from all the reports I have read I don't think they waited too long to announce the breach. Unfortunately, in today's litigious society, merchants cannot immediately put out a press release upon the first signs of a breach. There are too many people looking to make a profit on anyone's and everyone's misfortunes. If the media would spend less time crucifying the victims of these breaches and more time on the perpetrators, maybe law enforcement would be able to dedicate more resources to hunting down and prosecuting the real criminals. Right now, the old saying "crime doesn't pay" is a farce.

Steve Sommers, VP App Dev, Shift4 Corporation

Target has been behind the curve throughout this entire incident. It was late to identify the problem. Late to acknowledge it. Slow to identify fixes, and vague on the apology. The 10% discount is all PR.

Since the private-labeled REDcards pull funds from users' own bank debit card accounts, there is an implied extra responsibility for Target. In the wake of this event, it could decide to step up the security of its card and clearing mechanism to meet higher standards used elsewhere in the world. That would begin to build trust.

[Image of: View Braintrust Panelist button]
James Tenser, Principal, VSN Strategies

The almost lackadaisical and generic response by Target does not seem consistent with how one treats a "guest" one cares for. Of course, using the euphemism "our guests" to describe paying customers has always seemed a bit strange.

In the comments here there seems to be a lot of, "well, it could have happened to *any* merchant." First of all are we sure that's true, and if it's true is that really the message of insecurity the industry wants to send out to consumers?


This is generally going to be a no-win situation. Customers affected by the breach will be upset, regardless. Target has to do something to respond, and what they are offering is appropriate. However, many target customers, despite the 10% discount, will inevitably lose trust in Target and will not want to return for some time.

On the other hand, fortunately, this is not the first company which has dealt with security issues. PlayStation, among many other companies, has had security breaches in the not too distant past, so hopefully consumers will chalk this up to Target being unlucky, rather than negligent.

[Image of: View Braintrust Panelist button]
Jesse Karp, Omnichannel Consulting Manager & Loyalty Practice Lead, Cognizant Business Consulting

In this season of love and forgiveness, let's remember that all companies are comprised of individuals. Individuals trying to do their jobs. Some are better than others, but Target was also a victim. Ultimately, it is the thieves that are to blame. Target is trying to fix the problem and also help reduce the impact on the end victim.

Someone below related it to the failed Obamacare roll out. I disagree. This was not something Target "planned." This is more like being on a city bus that is hit by a drunk driver then suing the city.

Could Target have better security? Obviously. But there will always be hackers out there who leap frog technology. Our country supposedly has some of the best security in the world, yet our IRS database has been compromised our defense databases have been compromised and others. This will not end with Target. Not long ago it was PayPal. A few years ago it was TJX. If my house is robbed, am I to blame?

Come on people. Of course the apology should be accepted. In fact, we should be rallying behind Target to show these terrorists can't steal more than they already have. They cannot steal Christmas no matter how Grinchy they want to be. Because this season is about love and forgiveness, not the value of the gift you bought at Target or anywhere else.

[Image of: View Braintrust Panelist button]
Janet Dorenkott, VP & Co-owner, Relational Solutions, Inc.

Totally agree with Gene Detroyer - drives me crazy to have customers called "guests." Most people I know don't try to get money from a guest, but they do from a customer. And Target's 10% discount-after an episode like this it seems rather pitiful.


First and foremost, Target stepped up to apologize, which is important. That said, it should have happened earlier. Bad news of this sort must be confronted head-on and quickly. A proactive statement shows that reconciliation is in progress.

Regarding the 10% discount, I can't predict how this is going to be taken. It seems a bit trite, but at the same time, Target wanted to do something. The discount seems to be turning the bad situation into a marketing opportunity, which seems to be upsetting some people. I think that a promise to be vigilant in fighting this type of crime is most appropriate.

This could have happened to any company. It happened that Target, and their customers/guests were the victims. This is a chance for Target to become the poster-child in the fight against data breach crimes.

[Image of: View Braintrust Panelist button]
Shep Hyken, Chief Amazement Officer, Shepard Presentations, LLC

I genuinely like Target, and my family and I have often shopped there, both in Los Angeles, and recently here in Texas. It is unfortunate that there has been a security breach, and I believe the company is doing a good thing by offering a 10% discount to cardholders. In future, it should "beef-up" its security systems in whatever ways reasonable to insure that something like this doesn't happen again. Unfortunately in our modern, technological age, as long as we can build something, there will always be someone who can figure out a way to tear it down.


Well, we know October 2015 is that watershed moment when the fraud liability shifts to the merchant in the U.S. if they are processing magnetic stripe based cards.

But Target would be well served to push a pin and chip based REDcard right now. Not only do you get a 5% discount, but your transaction is more secure due to the pin and chip processing. Customers have no clue about card processing or how data breaches like this happen, but the majority do feel more secure with measures like pin numbers, zip codes (but if someone takes your wallet and it has your ID in there with your zip code...well maybe crooks don't think that far), ID checks (don't get me started on what I think of this violation of Visa/Mastercard processing guidelines and easily faked, inefficient invasion of privacy)... To me the only good solution is the pin.


What angered the customers the most is that they were not able to reach Target, neither through the website nor with a call. Banks imposing restrictions on the cash and credit limit per day just took this a step farther. Target was a little late to communicate with its customers; sure they had many things to be fixed before they could send out the message.

Great mix and discounts is sure to spring back Target's glory. These episodes re-emphasize the focus on security. Target was PCI compliant. This breach just shows that security goes beyond compliance.

[Image of: View Braintrust Panelist button]
Shilpa Rao, Practice Head - Merchandising, Tata Consultancy Services

Search RetailWire
Follow Us...
[Image of:  Twitter Icon] [Image of:  Facebook Icon] [Image of:  LinkedIn Icon] [Image of:  RSS Icon]

Getting Started video!

View this quick tutorial and learn all the essentials...

RetailWire Newsletters