Target's 'We've Been Breached' sale is a little cynicism for the holidays

A sale, right before Christmas? What an extraordinary step for a retailer to take! And that hefty 10% off is available to everyone. Target's millions of breach victims must be feeling very special.

1 2 Page 2
Page 2 of 2

You know, don't you, that we can see you trying to turn this into an opportunity? You announced that you would be sending emails to impacted shoppers this weekend. But your marketing never misses an opportunity to leverage a disaster. The statement said you would contact "those guests whose E-mails we have," which is a subtle plea for more shoppers to give you their email addresses. Nice try, guys, but your self-interest is showing.

Just because you don't know whether something happened doesn't mean that it didn't happen. "At this time," according to a Q&A posted on your site, "there is no indication that there has been any impact to PIN numbers. What this means is their bank PIN debit card or Target debit card still has this additional layer of protection. It also means that someone cannot visit an ATM with a fraudulent card and withdraw cash." This raises a rant, and a mini-rant.

Rant: Having "no indication" of any PIN impact is certainly different from saying, "We are now convinced that the thieves did not access any PINs." "No indication" simply means you don't know yet. That "what this means" in the statement is highly deceptive. Because if you have "no indication" yet that PINs were impacted, then you cannot be sure that the accessed debit cards still have that "additional layer of protection." And if you have "no indication" yet, then you also can't say for sure that "someone cannot visit an ATM with a fraudulent card and withdraw cash." It's not known yet. I'm sure your PR people will parse the statement differently, perhaps trying to argue that "what this means" simply introduces an explanation of what it would mean if indeed PINs weren't compromised. Another nice try, guys.

The point is that precision in these statements is critical if you're trying to rebuild trust.

Mini-rant: The lack of precision shows up in subtle ways. "PIN" stands for "personal identification number." To say "PIN numbers" is to be redundant. The reason I make note of this is because I know that IT people are bothered by that sort of redundancy, or failure to understand what an acronym actually stands for. One Target IT person, for example, told me that saying "PIN number" is "like people saying they'll put a NIC card in their PC computer just after they take cash out of the ATM machine." (If you don't get the point: NIC stands for network interface CARD, PC for personal COMPUTER, and ATM for automatic teller MACHINE.) The point is that if Target's statement issuers are sloppy enough to say "PIN numbers," they're giving you a clue that the statements they're issuing were hastily thrown together, with little time to reflect on what exactly they say.

It takes chutzpa to clarify one of your earlier slipshod statements in a way that makes it sound like you're correcting someone else. Friday's statement said, "The CVV data that may have been impacted was data in the magnetic strip and NOT the three or four-digit code visible on the card that guests use that would allow someone to make an online purchase." (Emphasis is Target's.)

Thanks for that clarification. Now, where, I wonder, would people have gotten the false impression that the three-digit code visible on the back of payment cards had been taken? Oh yes, that bit of incorrect data was in the original statement that you put out on Thursday. Someone wrote in parentheses in that statement that CVV meant the three digits on the back of the card. That statement was up for several hours before it was magically edited, making the parenthetical statement disappear.

An error like that is bound to happen when a team is responding to a crisis. I'm forgiving of that. But to clarify things without owning up that you are clarifying one of your own statements? That takes guts.

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek and eWeek. Evan can be reached at eschuman@thecontentfirm.com and he can be followed at twitter.com/eschuman. Look for his column every Tuesday.. Look for his column every Tuesday.

Copyright © 2013 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon