Target Corp. launched a public relations blitz on Monday to reassure customers that it will work to restore their trust after the massive data breach that came to light in December.
Breaking his nearly monthlong silence on the matter, CEO Gregg Steinhafel gave a lengthy interview with CNBC that aired Monday. He apologized to customers, vowed that shoppers whose data was compromised will have zero liability for fraudulent charges arising from the breach and promised to earn back customers’ trust and confidence.
Target also took out full-page newspaper ads in the country’s top 50 markets, including ads that ran Monday in the New York Times, Wall Street Journal, Washington Post, USA Today and the Star Tribune. The retailer also e-mailed a message from Steinhafel to customers, explaining the breach, apologizing and offering free credit monitoring services.
“We are responsible, we’re accountable for all of it, and we want to make that crystal clear to everybody that’s shopped in our store,” Steinhafel said. “They have zero liability.”
The massive theft of customer information at Target came to light Dec. 18, smack in the middle of the busiest shopping season of the year, and the Minneapolis-based company has disclosed that its fourth-quarter profit will be down from expectations by about 30 cents per share, and that it expects further charges related to the breach.
What remains unclear is the long-term effect on the reputation of the nation’s second-largest retailer, with more than 1,900 stores and 360,000 employees.
Jonathan Bernstein of Bernstein Crisis Management said Target’s actions Monday were smart and necessary. But he said the Minneapolis-based retailer should have reacted more quickly.
“What Target’s doing today is excellent, but they should have been doing this during the week prior to Christmas,” Bernstein said.
While Steinhafel did a good job of communicating empathy and competence in his interview, Bernstein still plans to use Target’s response to the data breach as a classic wrong-way example in his training sessions.
The costs of the current campaign could have been avoided if the company had addressed the crisis more directly after it learned of the breach, Bernstein said.
“They took a lot of unnecessary damage that they could have avoided, and I have to believe that someone in the C-suite at Target wasn’t listening to good advice,” Bernstein said. “This is crisis management 101, and they got an F in the class.”
Steinhafel declined through a spokeswoman to be interviewed by the Star Tribune.
In addition to thieves swiping the credit and debit card information from 40 million customers, the retailer disclosed Friday that the same criminals acquired names, addresses and phone numbers from as many as 70 million accounts.
Steinhafel told CNBC he learned of the breach on Sunday, Dec. 15. Four days later, and a day after a computer security blogger broke the news, Target made its first public statement about the breach. Steinhafel said the company waited to disclose the breach because it was preparing stores and call centers to answer customer questions.
“Part of that timetable all along was for us to make that announcement on day four, and we were working around the clock to prepare our stores,” he said. “We want guests that come in, once they hear that news, we want to be able to answer their questions, and we want our call centers to function appropriately. We were fully prepared to make that announcement on day four.”
Jon Austin, a Minneapolis crisis management consultant, said that answer reflects Target’s process-driven culture, in that the company wanted to get its house in order before telling shoppers about the breach.
But it leaves unanswered the question of why the company didn’t reveal the breach sooner, or make Steinhafel available for a public statement for more than three weeks.
“You have to be able to do more than one thing at a time,” Austin said. “Their normal approach to normal business — it’s a fair question to ask if that’s the best approach during times of abnormal operations.”
Both Austin and Bernstein said it’s likely the company decided to wait on a full disclosure for legal reasons. Without knowing about discussions inside Target, it’s difficult to come down too hard on the response, Austin said.
“I’m always leery to second-guess these guys when I’m not in the room,” he said.
Bill George, the former CEO of Medtronic and former Target board member, came out in defense of Steinhafel and the company on his blog on Sunday.
“Steinhafel and his team seem to be doing everything right,” George wrote.
“Steinhafel is wise enough to know that the most important thing here is Target’s ability to maintain the confidence of its customers. Every decision he has made since the crisis began is based on that clear objective.”
George praised Target’s transparency, its offer to reimburse customers for any losses, and its commitment to reissue Target credit cards and pay for the cost of reissuing other credit cards that were used in Target stores.
Austin said the American public is forgiving of mistakes, but less forgiving when it feels that a company’s response to a crisis doesn’t match its carefully managed image.
Steinhafel’s interview Monday appears to have been a success, Austin said, but Target’s early handling of the breach fell short of its reputation for responsiveness and customer service.
“He was very good, he was very credible, he was very practiced, he stayed on message,” Austin said. “But he didn’t say anything that he couldn’t have said on Dec. 19.”