After missing the bull’s-eye in its initial response to a massive hack that affected millions of its customers, Target (TGT) is trying plan B -- wooing disgruntled shoppers with a discount and free security monitoring for those affected.
The 10 percent discount was offered over Dec. 21-22, the last shopping weekend before Christmas. “We recognize this issue has been confusing and disruptive during an already busy holiday season,” Target chief executive Gregg Steinhafel said in a statement.
The offer was met with a mixed reception. Some customers were undeterred by the security breach and told the Minneapolis Star-Tribune that they felt the 10 percent discount was “a nice bonus.”
But Target’s Facebook page, which has become a focal point for customers’ frustrations since the breach was disclosed, was filled with more negative reactions.
“10 percent off is BS as my shopping is done,” wrote one customer, who said an unknown person had taken $200 from her checking account. “Having a debit card canceled on a weekend with no access to money blows.”
The headaches for Target customers were compounded over the weekend when JPMorgan Chase (JPM) put new spending limits on customers with debit and credit cards that had been used at Target during the breach, which lasted from Nov. 27 to Dec. 15. Chase debit card customers were hit with a $100 per day cash withdrawal limit, while credit-cards were given a $300 per-day limit, Reuters notes.
With the hassles mounting, Target is seeing a major backlash from customers. As CBS MoneyWatch reported on Friday, many customers said it was nearly impossible to get through to the store’s customer-service rep, while others reported problems logging into Target’s REDcard credit card website.
Even worse for the affected Target customers, there’s evidence that some of the hacked cards are already being sold on the black market, according to security expert Brian Krebs, a former Washington Post reporter who first reported the Target breach on his blog. The cards are selling for $20 to $100 each, Krebs notes.
While Target at first recommended its customers take advantage of their right to an annual free credit check, the company has since upped its response. CEO Steinhafel said Target will offer free credit monitoring. The details will be announced to affected customers soon, his statement added.
But the damage is likely already done. The first misstep? Target was behind the ball on announcing the breach, with security expert Krebs first reporting the stolen cards on his blog.
“The breach itself and the fact that the source of the disclosure was a blogger, not the company, were both hits to Target’s perceived trustworthiness,” Eric McNulty, director of research and professional programs at Harvard's National Preparedness Leadership Initiative, wrote at the Harvard Business Review blog.
Businesses need to be prepared for breaches like the one that hit Target, McNulty notes. “The United States is a particularly rich target because our credit and debit cards rely on magnetic strips rather than chips for validation; it is an old technology,” he pointed out.
Given that credit-card theft is a hazard of 21st century life, many customers expected Target to be better prepared. The security breach, after all, doesn’t even rank as the biggest to hit a U.S. retailer. That prize goes to TJX (TJX), the parent company of T.J. Maxx and HomeGoods, which had at least 45.7 million credit- and debit-cards stolen in 2007.
“There is nothing more stressful than knowing your bank account is at risk of getting cleaned out and it took two days to get through to someone to cancel my Red card,” another customer wrote Sunday on Target’s Facebook page. “I don't blame Target for getting hacked, but I do blame them for poor management after the fact.”