Target’s Security Breach: How Safe Are You?

Target, a very popular and extensive corporation, experienced security breaches from November 27th until December 15th 2013. Target recognized this lapse in security and responded accordingly to its consumers. How and when Target responded to this event were crucial in how the public perceived and continue to perceive Target, while also playing a factor in whether or not customers would shop there again. On December 19, 2013 Target released a message, giving its customers a detailed account of what occurred. According to Target there was an “unauthorized access to Target payment card data” which included “customer name, credit or debit card number, and the card’s expiration date and CVV.” Target openly apologized for the incident stating that their customer privacy and protection was of their utmost concern (Target 2013).

Target Image

Target exhibited use of the Situational Crisis Theory, which is not only a theory, but also an applicable plan to react to a crisis, like their breach in security. According to the University of Illinois, a crisis must be identified as the appropriate cluster crisis. In Target’s case, they chose a victim cluster crisis. This cluster states that an organization is also a victim of the crisis, making the company seen as less of a threat. In addition to identifying the correct cluster, there are four main strategies that can be used in response to a crisis.

Table 3: SCCT crisis response strategies
Primary crisis response strategies
Deny crisis response strategies
Attack the accuser: Crisis manager confronts the person or group claiming something is wrong with the organization.
Denial: Crisis manager asserts that there is no crisis.
Scapegoat: Crisis manager blames some person or group outside of the organization for the crisis.
Diminish crisis response strategies
Excuse: Crisis manager minimizes organizational responsibility by denying intent to do harm and/or claiming inability to control the events that triggered the crisis.
Justification: Crisis manager minimizes the perceived damage caused by the crisis.
Rebuild crisis response strategies
Compensation: Crisis manager offers money or other gifts to victims.
Apology: Crisis manager indicates the organization takes full responsibility for the crisis and asks stakeholders for forgiveness.
Secondary crisis response strategies
Bolstering crisis response strategies
Reminder: Tell stakeholders about the past good works of the organization.
Ingratiation: Crisis manager praises stakeholders and/or reminds them of past good works by the organization.
Victimage: Crisis managers remind stakeholders that the organization is a victim of the crisis too.
Source: Coombs, W.T. (2007b).

Target had a serious problem on their hands since more than 70 million of their customers’ private information was stolen. The company knew that if they did not regain the trust of their customers they would choose to shop elsewhere. Target’s CEO, Gregg Steinhafel, promptly sent out messages on December 19th and 20th to the customers, but he did not openly admit that they had knowledge of a malware attack on their systems. This is an example of the diminishing strategy, in which an organization attempts to minimize blame and responsibility for an event. Throughout both messages, Target used words like “unauthorized access”, “crime”, and “incident”.  These terms are carefully chosen to save face and make it seem as though Target was a victim in the security breach alongside the customer. In order to rebuild their image, Target’s PR practitioners knew how customers would respond to personal information being stolen and what words to use to reassure its consumers that it is safe again to shop at Target.

In the opening line of the message from the CEO, Target referred to customers as “Target Guest” and stated that, “our brand has been built on a 50-year foundation of trust with our guests, and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.” The messages from Target’s CEO utilize the Rebuild strategy by apologizing to customers and stockholders. The company used the Bolstering strategy, reminding customer about the good of the organization, by reminding them of how target built its foundation on trust for over 50 years.  The shopping conglomerate used diminishing, rebuild, and bolstering strategies in their press releases and messages to customers to separate themselves from the breach, rebuild trust with customers and remind them that Target has proudly served the community for fifty years.

Fast forward almost a year later and Target is still one of the largest shopping chains in the country. According to USA Today, Target reported second-quarter earnings of $234 million, compared with earnings of $611 million in the same period last year. It appears as though Target’s attempts to regain customer confidence were not as successful as they had hoped. The company may have missed the target on this one.

– Spencer Brenes