Jessica Feltner

Crisis Management: Target Data Breach

Crisis management is a fundamental part of public relations. How well an organization
manages itself in a crisis is crucial for their reputation and future. If an organization is not
capable of managing a crisis effectively, it could be catastrophic. Target faced a major crisis in
2013 when customer information was stolen in a massive data breach. The way Target handled
the crisis is represented by the Public Information Model as well as the Image Repair Theory.
Target is a nationwide retail store that is based out of Minneapolis, MN. They have
around eighteen hundred stores across the United States and employ around 347,000 team
members. In December of 2013, it was announced that criminals had gained access to credit card
and debit card information as well as guest information. The guest information stolen included
email addresses, names, mailing addresses, credit card and debit card numbers and pin numbers.
The criminals also managed to gain access to information stored on the magnetic stripe on the
back of credit or debit cards. This allowed the hackers to create counterfeit cards to withdraw
money from ATMs. Later on, Target announced that the breach did not include any online
purchases and the specific dates of risk were between November 27, 2013 and December 15,
2013.
According to the textbook and the Harvard Business Review, a crisis is a situation that
has reached a critical phase for which dramatic and extraordinary intervention is necessary to
avoid or repair major damage. The way a company handles a crisis can influence how they are
perceived for years to come. If they handle it poorly, it could ruin the organizations reputation as
well cause them monetary loss. However, if it is handled quickly and thoughtfully, it could
reinforce their positive reputation and goodwill. There are seven potential warning signs that
occur in the face of a crisis. The first is surprise. Target was extremely surprised by this crisis
because they were not the ones to announce it to the public. The news of the data breach was
actually leaked by a blogger named Brian Krebs. Krebs recently worked for the Washington Post,
but decided to go on his own in 2009. He developed his own website, KrebsOnSecurity.com,
where he makes posts concerning security related topics. In December of 2013, small bankers
came to him, reporting their fraud rates were going off the chart. He went to a common site that
sells stolen credit cards and he saw they had just received a huge shipment. He matched the BIN

(Bank Identification Numbers) numbers on the cards with the banks that issued them and
confirmed that the banks all had stolen cards on the market. Their common point of purchase:
Target. The next two warning signs, insufficient information and escalating events, go hand in
hand in Targets case. At first, Target released that there were 40 million people affected by the
data breach. Later on, they released that 70 million had also gotten their information stolen,
totaling 110 million people in all. With this insufficient information and Target continually
revising their initial statements, it escalating the crisis even more. Target experienced the fourth
warning signal, loss of control, when they dealt with affected customers, the public, and the
banks all at the same time. Now, the credit card companies involved were threatening to sue
Target for the cost of sending out all new cards. Increased outside scrutiny is another warning
sign that affected Target. The Secret Service, The Department of Justice, and other third parties
were conducting their own investigations, making it hard for Target to keep control. Also,
customers were still looking for answers on how this happened. The last two warning signs, siege
mentality and panic, are when everything starts to cave in. Target lost control and is wondering if
what they say will potentially be used against them. At this point, it is hard to focus on getting
the information out and moving forward.
Target handled the crisis in a variety of ways. Some of their tactics worked, while others
could have been thought out more. Target notified authorities and financial institutions as soon as
they were aware of the breach. This allowed them to get outside help and get the investigation
started. They also gave many public apologies and conveyed sensitivity to the public. Target
even offered free credit card monitoring services for a year for those affected. Also, on their
website they had a section for Frequently Asked Questions concerning the data breach. This was
a very good move on Targets part because customers could frequently check this page and stay
updated on what they needed to be doing. However, even though Target did those good things,
there were a variety of things they could have done better. First, Target should have never
allowed Brian Krebs to leak the story. They were playing catch up the rest of the time and could
never get in front of the story. Also, Target waited a whole entire week before releasing the
information about the data breach to the public. They should have done it as soon as they could
get an effective statement out to the public. When Target did release the information, it wasnt
correct. This made it extremely difficult for customers to trust Target and their information. All in
all, Target did the best they could with the situation they were put in. They provided steps for

customers to take and gave them the best information they had available. However it did
diminish their holiday sales as well as their overall sales for 2013. They ended up firing their
CEO as well. In the end, it is just a situation of bad PR. The only thing Target could do is focus
on making customers feel safe again.
Target used the Image Repair Theory during the data breach crisis. The Image Repair
Theory is when the accused is held responsible, and the act is considered offensive. The five
strategies along with this theory are denial, evading responsibilities, reducing offensiveness,
corrective action, and mortification. Target mainly used denial and evading responsibilities. They
werent denying their involvement, but tried to put the majority of the blame on the criminals as
well as the credit card companies. Later on, they attempted to reduce offensiveness by offering
the counseling programs to the affected customers. Target also used the Public Information
Model. This model is all about one-way communication. This is how Target got most of their
information out to the public. The one-way communication includes anything from press releases
and conferences to a statement being released, but doesnt not involved interaction with the
customers.
Even though Target had a major crisis on their hands, it didnt completely ruin their
organization as a whole. They experienced a loss in sales as well as some mistrust from
customers, but in the end Target will still be successful. Customers will continue to shop at the
nationwide retail store and Target will continue to regain trust. Target could have handled the
crisis better, but they managed to not let the crisis be catastrophic to their business.

Sources
Blair, C. (2014, January 16). How an Independent Reporter Broke the Target Security Breach
Story, and a What Risk. Retrieved from http://ajr.org/2014/06/16/reporter-mingles-criminalscover-cybersecurity/
Eversley, M., Hjelmgaard, K. (2013 December 19). Target confirms massive credit-card data
breach. Retrieved from http://www.usatoday.com/story/news/nation/2013/12/18/secret-servicetarget-data-breach/4119337/
Kerner, S. (2014, January 16). How the Target Breach Happened. Retrieved from
http://web.a.ebscohost.com/ehost/detail/detail?sid=dd9f021f-3d4e-41eb-865e-a042d0550a4b
%40sessionmgr4004&vid=4&hid=4114&bdata=JkF1dGhUeXBlPWNvb2tpZSxpcCx1aWQmc2l
0ZT1laG9zdC1saXZl#AN=93880328&db=a9h
Stone, J. (2015, September 21). Target Hackers Had Access To All Of Chains US Cash Registers
in 2013 Data Breach: Report. Retrieved from http://www.ibtimes.com/target-hackers-hadaccess-all-chains-us-cash-registers-2013-data-breach-report-2106575
Stout, H. (2014, January 10). To Regain Trust, Target Must Do More, Crisis Experts Say.
Retrieved from http://www.nytimes.com/2014/01/11/business/to-regain-trust-target-must-domore-crisis-experts-say.html?_r=1
Wallace, G., Pepitone, J., OToole, J., Isidore, C., Pagliery, J., Johns, J. (2013, December 19).
Target: 40 million credit cards compromised. Retrieved from
http://money.cnn.com/2013/12/18/news/companies/target-credit-card/index.html
https://corporate.target.com/about/shopping-experience/payment-card-issue-FAQ