Target Corp. feels customers' fury over response to card-data breach

Target is offering 10 percent off purchases on Saturday and Sunday as a goodwill gesture. But complaints are mounting about the retailer's response to the massive theft of customer credit-card data.

Target baskets in a file photo. The retailer says a data breach may have impacted 40 million customers.

Charles Rex Arbogast/AP/File

December 21, 2013

A few weeks after telling Target stockholders about the retailer’s “fun, easy shopping experience,” CEO Gregg Steinhafel is now having to explain to Target Corp.'s 40 million shoppers why they got a big chunk of coal in their stockings.

The victim of the second-largest credit-card heist in history – and perhaps the most audacious – Target may now also be a victim of public opinion, which appears to have swung fairly hard against it, during the prime holiday shopping season, no less.

The company’s stock rebounded by Saturday after dipping nearly 2 percent to $62.27 in the wake of its revelation Thursday that its data-security system had been breached and customers' card data had been stolen. But that bit of good news is being overshadowed by reaction to what has become a fiasco for the Minneapolis-based mega-retailer.

“ARE YOU KIDDING ME!!! … ARE YOU KIDDING?” a customer identified as Bekah Sims Andrews wrote on Target’s Facebook page, complaining that she had waited 48 minutes on hold to reach the company – and then her call was dropped. Hers is one of more than 1,000 comments venting frustration and outrage that Target did not better protect customer data, that it did not disclose the theft sooner, and that its efforts to make things right have not been satisfactory. 

On the Facebook page, customers report having trouble getting through to the retailer by phone. On Saturday, the company noted that reported instances of actual fraud are small, but said it will be offering customers free credit-card monitoring and, on Saturday and Sunday, the same 10 percent sales discount it provides to its employees.

“We take this crime seriously,” says Target CEO Gregg Steinhafel, in a video posted to Facebook. “It was a crime against Target, our team members, and most importantly our guests.” He also assured Americans that the breach had been locked down and that “guests … can shop with confidence at their local Target stores.” The thieves did not obtain data from Target's online shopping emporium, but rather from the almost 1,800 retail stores across the country.

Target, which pays about $1 billion in stockholder dividends each year, is now also facing legal pressure. Four state attorneys general have launched investigations. Several consumer lawsuits have also been filed, one of which criticizes the company’s cybersecurity system. It also alleges that Target conveyed “a false sense of security” when it announced the problem was resolved when, in fact, customers may “face years of constant surveillance” of financial records and a “loss of rights.”

Already, illicit Internet marketeers, perhaps based in Eastern Europe, are selling the card numbers for between $20 and $100 each, according to the insider Web security website Krebs on Security. Credit-card companies are expecting anything from an uptick to an onslaught of fraud reports.

In general, retailers face increasingly sophisticated challenges to their Internet security, says Tom Field, a vice president at Information Security Media Group, in Princeton, N.J. 

But Target’s challenge now is not to play victim, but to figure out how to ride out the storm of negative public opinion, experts say.

"There's never a good time for this to happen," Charles O'Shea of Moody’s Investors Service told the Los Angeles Times. "But if there's a worse time than during the holidays, I'd like to know what it is."