TARGET Data Breach

Maggie Christ, Taylor French, Ana Mebane,

Sue Susenburger

 Story broke Dec 18th 2pm

Brian Krebs Internet security journalist
No word from Target
Breach occurred Nov. 27 Dec 15th

Dec 19th 12pm

Today interviews Evan Francie, computer security expert
Target posts initial statement on website
40 million credit/debit accounts affected

Dec 20th
Target posts letter from CEO Greg Steinhafel accompanied by
videos

Jan 10th
70 million credit/debit accounts affected

The Crisis

Greg Steinhafel, CEO

 Calls on guests trust

Offers 10% team member discount
Offers banking/credit card security information
by state
Offers free credit monitoring and identity theft
protection to all guests
Pulled Sochi Olympics ad campaign
Follows up with 3 more press releases

Company Response

1. Guests (customers)
70 million accounts at risk
2. Financial Institutions
Visa
MasterCard
Discover
American Express
3. Media
USAToday
NBC
BusinessWeek
Forbes

4.

5.

Experts
Research
security
Government officials
Secret service
Attorney generals
Department of justice

Highlighted Stakeholders

1. Customers
CEO issued statement, updates, emails
2. Financial Institutions
alerted, provided list
3. Media
CEO issued statement, press releases
4. Experts
security media updates
5. Government officials
general counsel hosted call, partnering

Stakeholders Addressed

 Looks like Facebook altered it?

Regular updates on Twitter,
numbered

Company Facebook & Twitter

 After a couple months, positive comments on how Target

handled the crisis
Still 938 tweets the last 30 days (04/29/2014)
Many retweets of Targets updates
Angry Target customers expressed their displeasure in
comments on the company's Facebook page. Some even
threatened to stop shopping at the store. -- all deleted

Social Media

This is going to linger like a black cloud over the companys

financials for the first half of the year.
Brian S. Sozzi, CEO & Chief Equities Strategist at Blue Capital Advisors
4th quarter
Earnings dropped
2013: $520 million or .81 per share v. 2012: $961 million or $1.47 per share
In the long-term, the security breach wont have a lasting effect.
January
Investors didnt move following the breach
January 10, 2014: Target traded at $62.62 per share
1% slip since the breach
Before the breach, Target anticipated a stronger-than-expected 4th quarter
Target anticipates at 2.5% decline in 4th quarter sales
February
John Mulligan, CFO, expected quarter sales to range from flat to a 2% decline
Sales were within that range
Target sales fell 11% since the breach
1st quarter 2014: Target had a 5.5% decrease in transactions

Reputation Impact

 1st quarter reports show overall improvements

Sales were up 6.8%
Better than the outlook some investors projected

According to General Sentiment:

March 15: + 24% sentiment
December 18 January 24: -47% sentiment

According to YouGovBrandIndex:
February 14: +12% perception
January 13: -35% perception

Reputation Repair

No matter how quickly an entity notifies you, it will

never be fast enough for an individual thats impacted.
Will Pelgrin, CEO, Center for Internet Security
Dec. 20 2013

Pros:
Took action
Good word choices
seemed personal,
guests, trust
Pulled ad campaign
Offered compensation in
a few forms
Q&A page on their
website, updated
information as it came in

Cons:
Didnt say anything until
someone else broke the
story
Story didnt break until 3
weeks after breach
occurred (perhaps due to
further security concerns)
Estimated impact
changed from 40-70
million cards

 Good prior reputation

Accidental crisis Target was a victim, too
Took action to let customers know it was
safe, breach had ended
Provided information on how to end threat
to customers card

Assessment (SCCT)

 Target should have shared the story first,

before Krebs.
Forbes suggested highlighting that risk was
over sooner, more prominently on site.

Recommendations

What was your experience, if any, in the

Target data breach of 2013?
Target CIO resigned in early March - was
that too late? Would it have been more
costly to resign earlier and try to replace
him?
Does resigning help the brand or fix the
problem in any way?

Krebs, B. (2013, December 18) Target Investigating Data Breach. Retrieved from http://krebsonsecurity.com/2013/12/sources-target-investigating-data-breach/
https://twitter.com/search?q=krebsonsecurity.com%2F2013%2F12%2Fsources-target&src=typd
http://bigstory.ap.org/article/fury-and-frustration-over-target-data-breach
http://www.fool.com/investing/general/2014/04/15/why-the-target-data-breach-may-have-been-a-great-t.aspx
http://www.jdsupra.com/legalnews/many-lessons-for-companies-to-learn-afte-19288/
Steinhafel, G. (CEO) (2013, December 20) A message from CEO Gregg Steinhafel about Targets payment card issues. Retrieved from
https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca
Kosner, A. W. (2013, December 20) Targets Biggest PR Mistake with Credit Card Security Breach. Retrieved from
http://www.forbes.com/sites/anthonykosner/2013/12/20/targets-biggest-pr-mistake-with-credit-card-security-breach/
DInnocenzio, A. (2013, December 20) Target customers angered over response to credit-card data breach. Retrieved from http://www.dailynews.com/general-news/20131220/target-customers-angered-overresponse-to-credit-card-data-breach
Belt, S. (2013, December 20) Targets Credit Card Breach Leads to Customer Service Nightmare. Retrieved fromhttp://blog.hubspot.com/marketing/target-credit-card-breach-customer-service-nj
Eversley, M. and Hjelmgaard, K. (2013, December 19) Target confirms massive credit-card data breach. Retrieved from
http://www.usatoday.com/story/news/nation/2013/12/18/secret-service-target-data-breach/4119337/
LIfeLock, (2013, December 24) Target Breach Update: What Your Bank is Saying. Retrieved from http://www.lifelock.com/education/target-breach-update
Target website (2013, December19) Target Confirms Unauthorized Access to Payment Card Data in US Store. Retrieved from
http://pressroom.target.com/news/target-confirms-unauthorized-access-to-payment-card-data-in-u-s-stores
http://www.cnbc.com/id/101287567
http://www.bankofwedowee.com/pdf/Target_Security_Breach_Notification122013.pdf
Elgin, B. (2013, March 26) Three New Details from Targets Credit Card Breach. Retrieved fromhttp://www.businessweek.com/articles/2014-03-26/three-new-details-from-targets-credit-card-breach
Riley, M., Elgin, B., Lawrence, D. and Matlack, C. (2013, March 13) Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Retrieved from
http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data
Bennett, J. (2014, February 25). Target stock should rise more as data breach impact fades. Barrons. Retrieved from
http://online.barrons.com/news/articles/SB50001424053111904148504579406923001701150
Cheng, A. (2014, April 2). Target data breach has lingering effect on customer service, reputation scores. Market Watch. Retrieved from
http://blogs.marketwatch.com/behindthestorefront/2014/04/02/target-data-breach-has-lingering-effect-on-customer-service-reputation-scores/
Fiegerman, S. (2014, December 2013). Targets credit card breach is bad, but wont hurt business much. Mashable. Retrieved from http://mashable.com/2013/12/19/target-credit-breach-impact/
Finkle, J. & Wahba, P. (2014, March 14). Target warns data breach could be worse than reported so far. Reuters. Retrieved from
http://www.reuters.com/article/2014/03/14/us-target-dataprotection-idUSBREA2D1KX20140314
Skariachan, D. & Finkle, J. (2014, February 26). Target shares recover after reassurance on data breach impact. Reuters. Retrieved from
http://www.reuters.com/article/2014/02/26/us-target-results-idUSBREA1P0WC20140226
The Bureau of National Affairs. (2014, January 13). Target reports direct financial impact from customer payment card breach. Bloomberg BNA. Retrieved from
http://www.bna.com/target-reports-direct-n17179881326/
CBS Minnesota. (2014, January 10). Massive Target breach could have lasting effects. CBS Radio Inc. Retrieved from

http://minnesota.cbslocal.com/2014/01/10/target-70m-may-have-been-affected-by-data-breach/