Did Target’s CEO Get ...


It seems like every Crisis 101 playbook now includes taking out full page ads in a cross section of national and metro dailies to publish an open letter from the CEO.

The tactic gives the company under siege the opportunity to control the narrative.

It can be effective as long as the company surrounds the open letter with other forms of communications, which was the case with Target and its CEO conducting an interview on CNBC.

Still, we’ve seen how the open letter can add to the mess, as highlighted in “Letter to Toyota Customers Hits Pothole.”

With this in mind, let’s reverse-engineer Target’s try –

Dear Target Guests,

Ominous start. Guest? I think this is the case of the copywriter overthinking it. You’re not going to win over the reader with the salutation. I recognize that part of the retailer’s shtick is to refer to customers as guests. I just think this is the time to play it straight.

As you have probably heard, Target learned in mid-December that criminals forced their way into our systems, gaining access to guest credit and debit card information. As a part of the ongoing forensic investigation, it was determined last week that certain guest information, including names, mailing addresses, phone numbers or email addresses, was also taken.

Establishes a conversational tone from the get-go. Even if readers don’t know exactly what “forensic investigation” means, they’ve watched enough NCIS and CSI to understand that this is serious stuff.

Our top priority is taking care of you and helping you feel confident about shopping at Target, and it is our responsibility to protect your information when you shop with us.

Like it. No gamesmanship with the issue, though I think the adverb “truly” was unnecessary.

Please know we moved as swiftly as we could to address the problem once it became known, and that we are actively taking steps to respond to your concerns and guard against something like this happening again. Specifically, we have:

Excellent. The company has an action plan to prevent the debacle from happening again.

1. Closed the access point that the criminals used and removed the malware they left behind.
2. Hired a team of data security experts to investigate how this happened. That effort is ongoing and we are working closely with law enforcement.
3. Communicated that our guests will have zero liability for any fraudulent charges arising from the breach.
4. Offered one year of free credit monitoring and identity theft protection to all Target guests so you can have peace of mind.

Yes, it’s a good idea to remove the malware that the bad guys left behind. The action plan seems reasonable until we get to action #4. Offering free credit monitoring and identity theft protection might give some the vibe that Target isn’t 100 percent confident that they’re going to solve the problem.

In the days ahead, Target will announce a coalition to help educate the public on the dangers of consumer scams. We will also accelerate the conversation–among customers, retailers, the financial community, regulators and others–on adopting newer, more secure technologies that protect consumers.

They’ve got the cyber security religion.

I know this breach has had a real impact on you, creating a great deal of confusion and frustration. I share those feelings. You expect more from us and deserve better.

Empathetic narratives always resonate.

We want to earn back your trust and confidence and ensure that we deliver the Target experience you know and love.

We are determined to make things right, and we will.

Like the straightforward close, striving to touch both the intellectual and emotional sides.

If I were going to quibble – which I suppose I’m about to do – I’d say that Target needs to be “all in” with this approach.

Take a look at the retailer’s home page.

Do you see it?

Sandwiched between the Target masthead and sales promotion, the line “important notice: data incident involving certain guest information.” Followed by a “learn more” to click to the open letter and other information.

But Target doesn’t really want folks to click over. Otherwise, they would have used a visual to grab the visitor’s – I’m sorry – the guest’s attention. Geez, they didn’t even use upper caps for “important notice.”

With that said, I appreciate that crisis communications requires a blend of art and science.

Would welcome hearing your perspectives.


  • Frank Strong

    Well, remember, that customers got emails too with slightly different content (I got one on Friday). Same salutation, but the company does offer free credit monitoring service. All in all, I think they did the best that could be done under the circumstances. Data breach may well be an emerging specialization in PR.

    • hoffman

      If I was grading on curve (against Toyota, BP, etc.), I’d give the Target letter a A-. You can tell they managed to keep the lawyers in a secondary role, always a key to penning a letter that sounds like it came from a human being.

  • Lucia

    Good post! Generally it was a good customer letter. For the appellation of “Guest” – personally I reckon it stayed neutral with respect. After all, even though I buy a product many times, it doesn’t mean i am a truly friends or advocates. Cannot agree more that the “important notice” on the website was a faulty stroke.

    • hoffman

      Hi Lucia,

      Thanks for taking the time to share your perspective. Obviously, I wasn’t at Target during these discussions, but I suspect a spirited debate took place on how to handle the website. I bet some executives took the position that no information on the data breach should go on the website. Perhaps, it was a compromise to handle it the way they did. Still, I think they missed an opportunity.

  • Jeff Domansky

    Hi Lou, good analysis and generally agree Target’s letter is well done. It’s very common to see a weakness in not integrating messaging in other channels. If you look at most FDIA food recalls, the vast majority of companies don’t mention the recall or consciously bury it on their websites. It’s usually a case of the marketing dept saying it’s better not to highlight a problem. Transparency, consistency and integrity will bolster reputation every time. It’a valuable crisis PR/reputation lesson and thanks for pointing it out.

    • hoffman


      That’s a fair point. I’m sure you’re right with marketing saying something to the effect: “What’s the point of falling on our sword twice.”

      I was at the Holmes conference this past week with one of the panels focused on owned media. My friend and colleague Sam Whitmore pointed out that while the Southwest Airlines blog has won accolade after accolade, there wasn’t one single word on the blog about the pilot who landed the plane at the wrong airport.

      The point being, even companies known for “transparency” are still trying to figure this stuff out.

  • Managing a Security Breach, Part I: Crisis Communications - Security Information Event Management

    […] in comprehensible terms. As Lou Hoffman, president of the Hoffman Agency recently noted about the Target president’s letter to customers after their security breach, “Even if readers don’t know exactly what […]


Leave a Reply