Wednesday, February 5, 2014

Public relations case study: Target data breach

Although Target is still dealing with the fallout related to its pre-Christmas data breach, let's take a look at how the company is doing so far in managing the crisis.

target data breach
I'll use the eight laws of crisis communications that Jack Yeo and John Brooks presented at the 2012 PRSA Midwest District Conference in Chicago:
  1. Protecting reputation is not about the crisis, but rather how you handle it. Target used many methods of responding to the crisis, including full-page newspaper ads in the nation's top 50 markets. In addition, Target sent an e-mail from CEO Gregg Steinhafel explaining the breach, apologizing and offering free credit monitoring services. (Unfortunately, many customers were leery of the e-mails.) Steinhafel also appeared on CNBC on Jan. 13, where he said, "We are responsible, we're accountable for all of it, and we want to make that crystal clear to everybody that's shopped in our store. They have zero liability."
  2. Be aware of the world around you. Ensuring that call centers and stores had accurate information took awhile for Target -- specifically four days. In the CNBC interview, Steinhafel said, "Part of that timetable all along was for us to make that announcement on day four, and we were working around the clock to prepare our stores. We want guests that come in, once they hear that news, we want to be able to answer their questions, and we want our call centers to function appropriately."
  3. There is no excuse for not planning. Data breaches have become increasingly common among retailers and other companies. If Target had a crisis response manual (I'm not sure if they do or not), a data breach should definitely have been one of the main situations to prepare for.
  4. A swift response is required. This is the area in which Target is receiving the most criticism. Star Tribune columnist Lee Schafer describes Target's public relations as "too slow, too cautious" in this article. He makes a very valid point that on Dec. 18, 2013, the same day computer security blogger Brian Krebs posted a story stating that Target was confronting a security breach, the company instead issued a news release about last-minute holiday season deals. Target didn't issue a news release about the data breach until the next day. (The company first learned of the breach on Dec. 15.) In addition, Steinhafel wasn't made available for a public statement for more than three weeks.
  5. Understand the impact of today's digital democracy. Target developed a page on its website with response and resources related to the data breach, including videos featuring Steinhafel. The retailer monitored what was being said on social media, even mentioning in Jan. 15 tweet, "We're listening & noticing tweets about data breach emails." The content of social media posts changed from holiday cheer to the data breach on Dec. 19, the same day that the company publicly confirmed that credit and debit card information may have been exposed.
  6. Always operate with transparency. This is another area in which Target is taking heat. In a Jan. 14 Star Tribune article that featured highlights from Steinhafel's CNBC interview, reporter Adam Belz wrote that Target's CEO declined to be interviewed by the hometown newspaper. In addition, crisis management consultant Jon Austin made the point in the same article that "He (Steinhafel) was very good, he was very credible, he was very practiced, he stayed on message. . .but he didn't say anything that he couldn't have said on Dec. 19."
  7. Never stand alone. Third-party influencers didn't really make an appearance in the data breach timeline until Target chief financial officer John Mulligan spoke in front of a Senate panel recently. Minnesota Senators Amy Klobuchar and Al Franken, both members of the Judiciary Committee, made statements in support of Target on the issue. “When we push cyberbills, we get push back [from industry and technology groups],” Klobuchar said. “We have learned from this data breach that we can no longer do nothing.” Franken added that card technology needs to be updated.
  8. Never forget to rebuild. Target has been working hard to rebuild the trust with its guests. The CEO could be more visible in the media however.
If I were to grade Target's response to this issue, I would give the company an "A-". The company understood the importance of maintaining the confidence of its customers. However, the delay in communicating and not making the CEO available for a public statement for more than three weeks diminished the effectiveness of Target's crisis response.

For a collection of more public relations tips, insights and reflections, buy the book "19 Tips for Successful Public Relations: Insights on Media Relations and Reputation Management" from!
Related Posts Plugin for WordPress, Blogger...