Customer Loyalty Lessons Learned from Target's Data Breach

By Jessica Velasco

In the midst of 2013’s busiest shopping season of the year, retail giant Target experienced one of the worst data breaches in history. Now, just one year later, both the company and consumers are still feeling the aftereffects of this massive security upheaval.

The Data Breach: What Happened?

Hackers linked to the Ukraine managed to infiltrate Target’s in-person point-of-sales technology. During a nearly month-long period of time, they collected the credit and debit card information for more than 40 million consumers.

In addition to the credit card information, more than 70 million customers forfeited private information like their phone numbers, addresses, and more.

With billions of dollars in damage, pending lawsuits, congressional investigations, and more, Target has lived a nightmare few businesses want to repeat. So that leaves many of us wondering: how can we avoid the same fate?

Customer Loyalty Lessons Learned from Target’s Mistakes

If you are into the techie thing, there are tons of articles available that will help you implement a security system to prevent a similar breach. But that isn’t what you’ll find here.

While everyone — including Target — suffered a great deal from the data breach, many feel the most damaging issues were experienced later. It wasn’t, in fact, the data breach that had customers so fired up; it was the loyalty breach that many found inexcusable.

Here are the most pressing lessons to be learned:

1. Acknowledge the problem — now.

A data breach is bad. But letting someone else tell the world it happened is worse. KrebsOnSecurity leaked the story six days before Target acknowledged the issue. Besides the fact that some of the financial losses could have been prevented if Target had informed consumers earlier, the company severely damaged its reputation.

Any time you forfeit your right to communicate directly with those you’ve wronged, you allow someone else to paint you as the villain rather than expose yourself as the hero.

Hopefully, none of us will ever find ourselves in the midst of a massive security breach, but our businesses could land in hot water over another issue. If that happens, take immediate action. Let your customers know what’s happened. Tell them how you plan to rectify the situation and reassure them you have their best interests at heart.

The sooner you acknowledge a problem, the sooner you can start saving face.

2. Be ready for the backlash.

Once the world learned of the breach and Target’s delayed acknowledgement, we might have assumed they were using that time to formulate a strong customer service response force. After all, why damage your reputation like that if you weren’t using the time to prepare for the influx of customer complaints?

But we all quickly realized that assumption was false.

Target’s social media channels were flooded with complaints that were never acknowledged. Phone lines for the company’s own credit card — the only form of communication — were unable to handle the traffic influx. The online announcement was hidden on the company’s page. Scam emails were sent by hackers on accounts that mimicked Target’s. (The company later fessed up to “limited incidents” of fake communications.)

No one can plan for something like the massive Target data breach. But even the most basic common sense tells us we must be prepared to handle customer complaints. If you ever find yourself in a similar situation, make sure your business puts customer needs first. That might mean pulling people from every department and flooding the customer service team with assistance and support.

The Target brand was damaged by the security issues, but the company’s response was much worse.

3. Protect your customers.

Visa and MasterCard have joined forces to create the Payment Card Industry (PCI) Security Standards Council which oversees rules and regulations that pertain to card security. Then there is EMV, an extra level of security that is used in 80 countries and extensively in Europe. This security is supposed to make its way to the U.S. in 2015. The technology would supposedly make it impossible for hackers to engage in skimming (one of the most common methods of stealing credit card information).

While these universal precautions can help, your business must conduct an individual risk assessment and then address the needs of your customers — not the generic, faceless customers protected by universal security. Have your security tested and monitored by an independent third party.

If you do these things and there’s still trouble, you can honestly tell your customers you did everything you could. On the other hand, if you haven’t taken adequate steps to protect your customers, you’ll have a hard time maintaining their loyalty in light of your ignorance.

Target did have an outstanding security system in place — and it did its job. The third-party company that oversees the security did report potential threats to Target headquarters ... twice. Target chose to ignore those warnings.

4. No matter the cost, start regaining trust.

It took a long time — much longer than it should have — for Target to start addressing its customers’ complaints. But once it did, the Target executives did a fairly good job with their public relations counterattack.

• Target conducted daily news briefings to address the current situation and ensure additional problems weren’t a threat.
• The CEO issued an apology via video.
• All shoppers were able to enjoy a discount on their purchases.
• A new website was created for the sole purpose of addressing the breach.
• Everyone affected by the breach was awarded free credit monitoring for a year.

The free credit monitoring made available to 100 million customers must have cost a bundle. But if that is what was necessary to turn those victims into customers again, it’s what Target needed to do.

When there is trouble — when your brand’s reputation has been threatened — it isn’t the time to worry about costs. Get in there and do what is necessary to regain customer loyalty.

Protect Your Customers — and Brand

Target’s data breach was bad — the worst experience of the company’s half-century existence. But the way the company handled the situation was far more damaging. Any negative situation, whether a security breach or other, can easily turn into a loyalty crisis. Use fast, effective, friendly, honest communication to address the situation.