In 2013, Target faced a major crisis: A massive data breach that resulted in the theft of the personal information from 110 million customers, including about 40 million credit and debit card numbers. This occurred just two days before “Black Friday,” the biggest shopping day of the year. In response, Target sent customers a letter with an apology, an offer for one year of free credit monitoring, and advice on how to protect one’s identity (Tobin, 2014). Unfortunately, not shopping at Target would be the obvious answer.
Attempting to mitigate the damage, in 2015, Target provided a 10 million dollar settlement for customers affected by the 2013 data breach (Bukaty, 2015). However, this was only for customers who could prove financial damage. It did not make up for customers being inconvenienced. Many refused to shop with the company any further. Customers were not kept abreast of changes and updates. Target obviously needed to improve security. That Christmas had been a disaster, with sales down for Target while they were up for virtually all other retailers.
In the aftermath, Target lost a combined total of about $200 million. To partially compensate, they laid off about 450 employees and left 700 vacancies unfilled, both at headquarters and at retail stores. Target needs to rebuild their stores, their brand, and their customer loyalty.
The Solution: Culture and Marketing Campaign Redesign
An old saying is, “Any publicity is good publicity.” Indeed, Target now has the nation’s attention. How can negative publicity be turned to good? Here is the response strategy:
First, Target needs to apologize again and acknowledge that they did wrong. Not a whiff of downplaying the seriousness of the incident. No one is going to believe and trust in them in the future if they try to say, “It was not our fault we were hacked”. True perhaps, but then inherent in the passing of blame is no way to rebuild for the future. So Target needs to say, “We did not realize how easy it would be for a dedicated hacker to invade our systems. Lesson learned. We will be much more strongly protected going forward. We have hired new key people to protect our data and yours going forward”. Mention that malware was found on the cash registers and was removed as soon as the data breach was discovered. Mention those who were prosecuted for the crime. Let people know how tough and technologically knowledgeable Target has become.
Secondly, rather than hiring for the 1000+ spots that were downsized, hire about 500 IT staff at twice the average salaries of those lost, particularly focusing on the employment of those with technological security and anti-hacking credentials. If stores are stressed because of too few numbers of cashiers, provide self-serve checkouts. If there are other services the store used to provide that have been cut back, provide them again using technology to replace the missing people. Customers like the personal touch, so do not decrease staff further, but utilize them in the most efficient ways. For every service provided by a machine, add signage, perhaps on a screensaver: “This machine is here to serve you because we have prioritized our investment in people for security expertise”.
Third, the laissez-faire culture must change (Derousseau, 2015). Retrain cashiers and others regarding customer security and keep retraining them. Technology changes rapidly, both in terms of hacking or data breach methods, and in terms of the technology developed by security services to fight hackers and data breaches. So develop and implement a training program for every employee that regularly updates employees so that they can speak knowledgeably with customers at any time about the latest in security technology. Such updated training should take place whenever anything new is added, but probably at least once a month. Scheduling regular training updates will remind everyone that communication to the store level is key to a successful redesign of how Target operates regarding security. Customers need to feel comfortable shopping at Target and confident that they are protected. In this atmosphere of leeriness regarding Target, employees can expect to be asked questions.
Fourth, utilize that large new IT staff to constantly search for new data breaching/hacking innovations and fight against them. Target must never be caught short again. Current innovations include smart chips in credit and debit cards, secure socket layer protection online, and bigger and longer encryption keys. But these will continue to change because criminals will not stop regarding improved security as bigger challenges to be overcome. So Target’s own IT must be keeping up.
Fifth, since Experian’s ProtectMyID program was so successful in helping Target overcome the initial problems with customer identity theft, and they are experts in this field, Target should partner with Experian on an ongoing basis. Their IT staff in particular should confer with Experian regarding ongoing updated methods and anti-hacking software and procedures. But Experian also can be used to improve service to customers, as explained below.
Now, it is time to turn Target’s story around. Instead of a disastrous failure to their customers, make this a marketing opportunity:
Become The Retailer Who Advocates For Their Customers To Keep Them Safe.
Lead by example for other retailers, show customers that Target is the company that knows how to deal with crises. The marketing campaign should focus on selling identity protection through the company they have been using since the breach, Experian. Team up for an affordable protection program only for Target customers. Customers with Target credit and/or debit card should be eligible for free monthly identity theft protection, credit and FICO score updates. Customers who do not use Target cards should be provided the opportunity to purchase the ProtectMyID program at a discount price. In this way, Target shoppers know that their brand is an advocate for protection of the consumer. The company could also provide customers with yearly updates on how they have and will continue to protect customer information.
Online customers also should have special protections. One of the best ways to shop online currently is with the use of PayPal, which provides their customers with PayPal identification that is not passed along to retailers. Customer information is in the PayPal “vault” so that customers can shop using their PayPal account, and there is no third-party access to customers’ actual bank or credit card accounts. So Target could direct their customers to PayPal for checkout, addinginformation regarding how PayPal is known for consumer protection and creating a stress-free online shopping experience.
Target would also be well advised to conduct ongoing customer research, using panels in person and online, to determine what else customers want. Given customers’ restrictions on time, many want one-stop shopping. Should stores expand to provide a larger selection of merchandise? On the other hand, modern life so often alienates people from each other that a cozy nostalgic experience provides a sense of relief. Should some stores be even smaller, boutique style, to provide a sense of connection? Target should continue to build upon their motto, “Expect More, Pay Less,” emphasizing great products, competitive prices, and outstanding customer service. Part of that customer service going forward should include personalizing each customer’s experience. Online, as most retailers do now, this can involve tracking customers’ Web site visits and products they investigate online, in order to offer them other products they may be interested in and any pertinent sales information.
But Target’s first priority must be to identity protection. Given the rapidity with which technology advances, any retailer could have another data breach. But this would be extra harmful to Target because they already had a massive data breach. Customers might forgive them once. They are not likely to forgive them twice. It is vital that more than other retailers, Target must keep up with upgrades, regularly train staff, encrypt software, and use third party security services experts. This will cost more than other retailers spend. But by including advantages to their customers in their partnership with security experts, they can leverage that cost into a marketing plan that improves consumer perception of Target as The Company that now prioritizes customer safety above all else.
Finally, when new personnel, new security measures, and better customer service is in place, announce the redesign as a Grand Re-Opening for Target shoppers with deep discount sales. Provide all those affected by the breach with gift cards to shop at Target’s Grand Re-Opening, as a thank you for their loyalty during trying times and a celebration of the best times yet to be a Target customer.
- Bukaty, R. (2015). Target offers $10 million settlement in data breach lawsuit. The Two-Way: Breaking
News from NPR. Retrieved from http://www.npr.org/sections/thetwo-say/2015/03/19/
394039055/target-offers-10-million-settlement-in-data-breach-lawsuit. - Derousseau, R. (2015). A company in crisis is an opportunity for change. Fortune: Leadership.
Retrieved from http://fortune.com/2015/07/10/crisis-company-culture/ - Tobin, A. (2014). “We’re sorry you got hacked”: Target’s letter to unlucky shoppers. Marketplace: By
the Numbers. Retrieved from http://www.marketplace.org/topics/business/numbers/were-sorry-
you-got-hacked-targets-letter-unlucky-shoppers
