If you have some holiday shopping to do at Target, better bring some cash. A day after reports emerged that Target has been hit by a credit card security breach, the retailer confirmed it this morning – and said some 40 million shoppers could be at risk.
Happy holidays! Hope you don’t mind buying gifts for thieves who are using your credit card number.
Potentially affected are any credit and debit card users who made purchases from Target between November 27th and December 15th. And yes, that includes Black Friday, one of the busiest shopping days of the year. If upwards of 40 million cards were indeed affected, that would make this the largest retailer security breach since 2007, when the owners of T.J.Maxx and Marshall’s reported more than 45 million credit and debit cards used at its stores had been compromised.
It’s not known whether Target REDcards issued by Target itself were affected, or only debit and credit cards issued by Visa, MasterCard or other third-party credit card providers. Online orders were not affected. Target is advising anyone who used any card in stores, during the time period in question, to “check your account for any suspicious or unusual activity. If you see something that appears fraudulent, REDcard holders should contact Target, others should contact their bank.”
That’s hard to do, since Target’s REDcard site is inactive as of this writing. It’s unclear whether Target has temporarily disabled access while it works behind the scenes, or whether it’s getting slammed by shoppers trying to check their accounts. Customers are also reporting that they’re having a difficult time getting through to Target’s customer service phone number.
Target does say that it has “identified and resolved the issue of unauthorized access to payment card data,” so “guests can shop with confidence.”
But news that one of the nation’s largest retailers has been hit during the busiest shopping period of the year, inspires anything but confidence among shoppers. Target’s Facebook page is already flooded with comments from angry customers. “How am I supposed to monitor my card if I cant access my account?” writes one. “I am NEVER trusting this company again! CANCELLING MY REDCARD!!!! 5% is NOT worth my identity!” writes another. A third questions, “18 days to recognize a security breach? Another 4 days before notifying customers? How can you expect customers to continue to want to shop in your stores?”
Indeed, in such cases, a retailer’s response to a breach can sometimes cause more damage than the breach itself. Earlier this year, the St. Louis-based grocery chain Schnucks faced intense criticism and even lawsuits, for continuing to allow shoppers to use credit and debit cards in stores even after it became aware that its systems might have been compromised. Security experts typically advise affected retailers not to publicly disclose a breach, until the problem is resolved. That makes it easier to contain the problem, but doesn’t exactly endear a store to its shoppers.
Of course, some would argue that Target is as much a victim as its shoppers – those who hacked into its system are the real criminals here. But good P.R. can be key to determining whether a retailer emerges from a security breach with its reputation damaged, or unscathed.
Take the case of several Pacific Northwest grocery chains recently affected by a security breach. They took the opposite approach from Schnucks and Target. Several supermarkets under the URM Stores umbrella, including Rosauers, Yoke’s and Super 1 Foods, announced their systems were hacked last month. Instead of keeping quiet about it until the problem was resolved, they alerted customers right away and advised them to pay by cash or check, or to swipe their cards using a slower, backup dial-up connection that was not affected by the attack. In addition, all customers got a 10% discount for their troubles.
Customers were deservedly upset that their information had been compromised, but many appreciated their stores’ transparency and honesty. “This is a fantastic store, they’ve always treated me really well,” one shopper told Spokane’s KREM-TV. “They meet you at the door, they tell you what’s going on, they explain it, and then they tell you 10 percent off,” gushed another.
And goodwill can pay off, for retailers. A recent study on security breaches found that the odds of a company being sued in federal court for a credit card hack, are six times lower if it provides free credit monitoring following the breach.
So far, Target is only issuing a warning. But many Target shoppers are issuing their own warning – if their accounts were compromised while shopping at Target, they may choose to finish up their holiday shopping, somewhere else.
You may also like: