Target CEO Gregg Steinhafel resigned from his position after the retail giant was subject to one of the largest cyber-attacks in commerce history.
The cyber-attack, which began on Black Friday, November 29th 2013, and lasted until December 15th, resulted in just over 110 million payment cards being compromised. Steinhafel’s resignation has raised a few questions, mainly whether he resigned due to the massive data breach or simply because he was not prepared for such a breach.
Retailers of all shapes and sizes should be prepared for some sort of outside attack on their systems. Even if your data is secured and compliant with PCI regulations, you should treat threats as if they are always imminent. We can look back at how Target, with Steinhafel at the helm, treated the situation and learn from these mistakes.
When dealing with sensitive data all retailers should be prepared with more than one fundamental crisis response concept. Here we will provide 3 of the most important concepts to aid with the aftermath of a data breach.
1. A pre-planned customer response strategy: Every company which deals in sensitive data should be prepared to handle its most valued asset, its customers, in the event of a data breach or cyber-attack.
Target fell somewhat short in properly notifying its customers after the incident. Security blog KrebsOnSecurity was the first to uncover the matter, after the Secret Service had already been brought on board to investigate. Response time is critical: had Target made the matter public beforehand, it could have spared itself some of the negative press and customer backlash.
Retailers and the financial institutions behind their payment scheme should always be prepared with customer support scripts, digital communications such as emails, and social media strategies. These strategies should be editable so that they can include specific information, facts, and tactics for handling the matter.
2. Not releasing any information until all the facts are available: One of the mistakes made by Target shortly after the incident was releasing inaccurate facts on the attack. Initially the number of reported compromised cards was 40 million. That number quickly grew to 110 million cards. It was also found that the attack was not aimed solely at Target but also at other retailers such as Neiman Marcus.
A full, proper investigation can take weeks to complete, if not months. Target, in its willingness to be up front with its customers, failed to offer the credibility needed during the crisis. It is best to explain the situation to your customer base and other outside outlets, withholding exact details and parameters until it is all made clear.
3. Experienced leadership: While in the midst of a crisis like a data breach, it is best, specifically for large retailers and financial firms, to have managers and executives who have been through a similar experience. Not only could this have helped prevent such an incident altogether, it could help with handling the matter more professionally and calmly than how it was handled by Target.
The cyber-attack, and the failure to handle it properly, drastically hurt Target’s store traffic. The attack not only compromised the cards in the database, but also compromised Target’s brand as a dependable retailer.