“While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed,” it says in its Friday release. “We remain confident that PIN numbers are safe and secure.” It reiterated that despite this development, “the most important thing for our guests to know is that their debit card accounts have not been compromised due to the encrypted PIN numbers being taken.”
The breach, which occurred between Black Friday and Dec. 15 and potentially affects some 40 million Target shoppers, has blackened the Bullseye brand in a big way. The YouGov Brand Index reports that Target has fallen to its lowest levels since 2007, and for the first time, is registering more negative opinions than positive. The index is based on the opinions of 15,000 adults in the U.S., who respond to the question: "If you've heard anything about the brand in the last two weeks, through advertising, news or word of mouth, was it positive or negative?"
Target's Buzz score for the week leading up to the data breach announcement was 26. One day later, it fell to -9, eventually bottoming out at -19. And while it made a small comeback later in the week, it is “still deep in negative numbers,” says a spokesman for the index. He says he expects to see the impact of the PIN revelation by Monday. Prior to the breach, the lowest score Target has ever gotten on the Index was 10.
The Wall Street Journal reports that the chain's traffic in the final weekend before the holiday dropped between 3 and 4% as a result of the theft and ensuing publicity maelstrom.
Meanwhile, Target is devoting intense efforts to its social media outreach, fending off an outpouring of hate: “How can anyone trust Target?” asks one poster. “Lies, lies, lies,” writes another. “No one should shop at Target — ever! They do not care about you!” Shopper frustration has moved well beyond boycotts, and includes a clamoring for lawsuits, which are already piling up by the dozens. “You bet ur ass I'm planning to sue,” writes one. “Let's open a can of Whoop Ass [pepper spray] on them,” adds another.
Because some politicians are calling for a federal investigation into whether Target is at fault for the breach, the company hosted a call for attorneys general across the country, and says the majority of state offices were in attendance. “We felt it was important to proactively bring this group together to provide them with information about the issue and answer their questions as well as those of their constituents.” It says it is also partnering with the Secret Service and U.S. Department of Justice. “We want to be clear that neither entity is investigating Target,” it says. “Rather, we are partnering with both on the ongoing forensic and criminal investigation.”
While other brands, including Citibank and TJMaxx, have bounced back from data breaches, it won't help that late-night comics are taking aim at Target, too. Asked Jay Leno: “More than 40 million customers? The NSA was really impressed!”
Quipped Conan O’Brien: “A spokesperson said, ‘Maybe we shouldn't have named ourselves Target.’”