The recent data breach by Target, the second largest in retail history, offers some very important lessons in how to do and hownot to do crisis communication.

Let’s review the message that was issued December 20, 2013, a day after the massive data breach that affected 40 million consumers between Nov. 27 and December 15, the busiest shopping period of the year. They did a lot of things right. And several things that wiped out that goodness. Here’s what we can learn from their mistakes.

This apology (also in video format) is from A Bullseye View, target’s online behind-the-scenes magazine and the CEO, Gregg Steinhahel:

Yesterday we shared that there was unauthorized access to payment card data at our U.S. stores. The issue has been identified and eliminated. We recognize this has been confusing and disruptive during an already busy holiday season. Our guests’ trust is our top priority at Target and we are committed to making this right.

So far, so good. Accepting responsibility for what happened. Focusing on the trust of their customers as the top priority. Perfect start.

Next statement:

We want our guests to understand that just because they shopped at Target during the impacted time frame, it doesn’t mean they are victims of fraud. In fact, in other similar situations, there are typically low levels of actual fraud. Most importantly, we want to reassure guests that they will not be held financially responsible for any credit and debit card fraud. And to provide guests with extra assurance, we will be offering free credit monitoring services. We will be in touch with those impacted by this issue soon on how and where to access the service. In the meantime, here are some additional tips:

Excellent. Reassure your customers and add additional facts they can use about what their actual risk is. Repair the damage by offering free credit monitoring services. Excellent crisis communication response so far.

Next statement:

We understand it’s been difficult for some guests to reach us via our website and call center. We apologize and want you to understand that we are experiencingunprecedented call volume. Our Target teams are working continuously to build capacity and meet our guests’ needs.

This is where is starts to slide. I think the phrase “unprecedented call volume” needs to be expunged from our language. Really? You didn’t think 40 million cases of data breach might cause a few calls? A company the size of Target should be able to figure out how to staff up for a massive corporate communications issue like this. I kinda’ get it, but they could have done better. This is weak.

Next statement:

We take this crime seriously. It was a crime against Target, our team members, and most importantly, our guests. We’re in this together, and in that spirit, we are extending a 10% discount – the same amount our team members receive – to guests who shop in U.S. stores on Dec. 21 and 22. Again, we recognize this issue has been confusing and disruptive during an already busy holiday season. We want to emphasize that the issue has been addressed and let guests know they can shop with confidence at their local Target stores.

Sigh. This is where I start slapping my forehead. When I see some corporate communications or advertising, I often envision the conversation in the board room where the decision was made. And it’s not a pretty scene in this case, I suspect.

I’ve been in those conversations and they are never pretty but someone needs to be the adult in the room. I generally hope it’s the CEO but sometimes, he is caught up in the emotion of it all. So then I hope the head of CorpComm or PR has some sense. Apparently no one did in the conversation in the Target board room on this.

So what could have been better?

1. Be very timely.

In 2013, waiting a full day to construct a response is insufficient. As soon as the news was announced, official communications from Target (press release, social media, website) should have gone out indicating that they were on top of the issue and that they would issue new statements as new data was found. They needed to reassure customers immediately that they were on top of the problem and addressing it. They needn’t have waited a full day to do a polished video series before saying word one about the issue. #fail

2. Serve your guests/clients/visitors, especially in times of need.

Target’s Redcard login website and phone lines failed as people tried to understand how this would impact them and their families during a very vulnerable time of year for shoppers. “Can I still use my card?”, “How do I know if I was affected?” There are a lot of very basic questions that need to be addressed in these situations. To say you have “unprecedented call volume” is unacceptable. They should have figured out a way to serve their guests when they had so clearly violated their most basic trust. #fail

3. Language and syntax matter when apologizing.

Yes, it was a crime. As the CEO said: “It was a crime against Target, our team members, and most importantly, our guests.” However, the most important party, in this case, the actual victims, the guests should be listed first. “It was a crime against our guests, our team members and against Target.” Is how that sentence should have read. #miss

4. Do not grease your own pockets when you have violated the trust of your customers.

The 10% discount was completely inappropriate. Offering your customers a discount that essentially gets you the lion’s share of their purchase is self-serving. Self-serving is never appropriate in an apology (“Gee, I’m really sorry I hurt your feelings. Can you rub my feet to make me feel better now?” … it’s just patently ridiculous as a personal route, so why is it OK as a corporate route?). I noticed this discount offer is now not part of the official Target.com apology.

According to one report, Target didn’t have time to post the offer in its advertising. I get that. I also get that Target did not want to lose traction on the weekend of Dec. 21-22, when most of the procrastinators in America would be beginning their Christmas shopping, and the rest would be doing stocking stuffers and other final gifts. I do. I admire a company that understands profitability. I just would have recommended that they seize the opportunity to use their social media channels in a fun way to get the word out to their customers about the discount offer. Offering the coupon virally would have been far more imaginative and would not have sullied their otherwise very good crisis communication. #epicfail

Crisis communications are never easy. The key is to keep it simple. Take responsibility for the problem you caused and fix it. And then do that. Don’t try to tack on some way to make it easier for you, or make money out of it. That never leads to good places in crisis communications.

What do you think they could have done better?

Complimentary Consultation

ThinkResults Marketing is a full-service marketing agency specializing in launch and repositioning projects. We have helped dozens of Silicon Valley and global clients raise millions of dollars in additional revenue and funding.

Contact us for a free 30-minute consultation on your brand project with our CEO and Founder.Email us to set up your complimentary consultation and have your questions answered.