By Lauren Coleman-Lochner
and Lindsey Rupp
Target Corp. finds itself grappling to maintain customers’ loyalty a week after it announced a breach that exposed data from 40 million debit and credit cards.
Since disclosing the breakdown last week at the height of holiday shopping season, the second-largest U.S. discount chain has agreed to give some shoppers free credit reporting, assured them they wouldn’t be responsible for fraudulent charges and offered a 10 percent discount on purchases last weekend to regain their trust.
In a news release Tuesday, Target said it was unveiling a dedicated website for communications to customers.
“They’ve been doing everything that they can,” said Robert Passikoff, president of New York consulting firm Brand Keys. Still, “you’re going to see, at the wrong time of year, people who are moving to other alternatives until some comfort level comes back.”
Target said Dec. 19 that security for the cards may have been breached between Nov. 27 and Dec. 15 as they made purchases in stores.
While the chain said it had identified and resolved the issue, the compromise occurred during the most important period of the year for retailers and with shoppers already showing reluctance to spend.
The retailer said it’s aware of “limited incidents” of fake communications claiming to be from Target, prompting it to set up the dedicated breach communication site.
Even before the incident, Target had been struggling to boost sales and earnings.
Target said Monday that it has doubled the number of staffers answering inquiries at its call center and has communicated with 17 million customers via email.
It also hosted a call for state attorneys general to speak with its general counsel for an update on the breach. Representatives from most states participated in that call, Target said.
The retailer is already facing almost two dozen lawsuits, mostly from customers accusing the company of failing to safeguard their information.
Target also has agreed with New York’s attorney general to provide a year of free credit monitoring to New York victims of the breach.
Security is one of the most important elements of brand loyalty, Passikoff said.
“Although people take it for granted, when it falls apart, it becomes a gaping hole, and that’s what happened to them,” he said.
The breach also has shown that security in the United States is weaker than in some other countries that now use credit cards with embedded chips that are more secure than magnetic strips to store account data, according to Dan Kaminsky, co-founder and chief scientist at White Ops, a cybersecurity firm in New York.
The U.S. payments industry has said it will replace magnetic strips by 2020, a deadline that could now be accelerated in the aftermath of the Target breach, Kaminsky said last week.
While card-swiping devices have been hacked in the past, the incidents typically occurred at a single machine or store, not chainwide, which is why this breach is troubling, Kaminsky said. Target said account numbers, expiration dates, cardholder names and credit verification value had been compromised. That kind of data could be used to make counterfeit credit cards, Kaminsky said.
Given the scope of the Target breakdown, the retailer’s efforts so far have been “anemic” and “misplaced,” said Rob Frankel, a Los Angeles-based brand consultant.
“They could have put their foot down and said we’re going to the European-style credit card for our stuff because it’s a lot more secure, and we’re proud to be the first ones doing it even though it’s more expensive,” Frankel said.
The company said it is investigating the breach with the U.S. Department of Justice and the Secret Service, which asked it not to share details of the probe. U.S. Senator Richard Blumenthal, D-Conn., also has urged the Federal Trade Commission to probe Target’s data-security practices after the breakdown.
The retailer’s customers have been affected in other ways, too. JPMorgan Chase & Co., the biggest U.S. bank, had placed spending and withdrawal limits on 2 million customers who used debit cards at Target. The bank had set limits of $100 in cash withdrawals and $300 in purchases and on Tuesday lifted those to $250 in withdrawals and $1,000 in purchases.