Timely Apology Email
Today, Target sent out an email. Because I’ve never signed up for any selective Target lists, I’m assuming this email went out to every email address Target keeps. The email was timely; not for the 110 million people possibly affected by the data breach, but for me because I had a blog due. For many affected by the breach, this is the first contact from Target almost a month after the news broke.
The Target hacking apology email, which began, “As you may have heard or read…” goes on to state the (apparently) obvious: there was a data breach; nobody is safe. It goes on:
- We’re truly sorry (is there any other way to be sorry these days?).
- Then, we care; please stay with us value proposition (in this case, free credit monitoring).
- Finally, some
elementaryreally helpful bullet points on suspicious activity to be aware of. If you get an email asking for your SSN and a wire for $5,000, don’t do it, even if it comes from Target.
Timing is Key
My biggest problem with this email is that it comes three days shy of the one month anniversary of Target going public with the breach. You can find a timeline of that here. As a general rule of thumb, if your email starts with “As you may have heard or read…”, you’re already too late. Yes, we should have heard or read – from you! – a month ago. The assumption seems to be that every last person who might have been affected heard of the data breach via other sources – the news(paper), social media, blogs, etc. – and took appropriate action based on those sources. But what if what they heard was incorrect? What if key details were left out? I personally had someone tell me that only those who used a Target Credit Card were affected (not true).
In short, my experience would have been better if I received this email on day one rather than Day 25. It’s not like any of the information in this email was not known on Day 1, but the lag makes it feel like Target was being negligent or trying to cover something up.
I’m a Cynic
In the email today, Target offers one year of free credit monitoring. It’s a friendly gesture, but the cynic in me couldn’t help but notice that the first thing you’re asked to do is sign up. And that means – surprise! – enter your email address to receive the free code. They definitely won’t store those email addresses for future use or anything…
Furthermore, the email directs curious customers (and it’s not hyperlinked, which is sloppy) to Target.com for further information. This suggests that, sure, they want us to find other data breach FAQ information, which requires another click, and could be hyperlinked right there in the email. But what they really want is for everyone to land on the homepage first, to read about their sale on activewear. If you’re going to take the time to email me to show that you care, don’t make me visit your homepage to get the full story. (I’m sure I’ll get that request in a followup email about your year end CLEARANCE! anyway.)
Target missed a great opportunity here; They could have sent a really great email on Dec. 18, which would have shown them to be thoughtful, forthright and transparent. Instead, they sent a pretty mediocre one on Jan. 13.
Furthermore, I feel this is an opportunity lost on behalf of some banks. My bank has not reached out to me once, and while I know there are data breaches every day, this one was a national story, and banks would have been smart to reach out to their customers and advise on next steps, and what the bank is doing to protect them. [Note: Some of my colleagues did receive notices from their bank that they were part of the Target breach and would be receiving new credit cards in the mail.]
Target obviously has a big, smart marketing and communications team. Maybe there was some reasoning behind the delay. Even so, I feel like just getting an email right off the bat to let me know they were as upset about the breach as I was would have helped. And it would have made me more willing to wait until Jan. 13 for them to join the national conversation being had about their brand.