You’ve likely heard by now — it’s been a rough holiday season for Target.
The Minneapolis-based retailer revealed today that personal information for up to 70 million individuals was stolen, including names, mailing addresses, email addresses and phone numbers. This is in addition to the December 19 announcement of a massive security breach affecting the credit and debit card information for 40 million customers who shopped in-store between November 27 and December 15. Specifically the customer name, debit or credit card number, expiration dates, CVV and encrypted PIN numbers were stolen in nearly 1,800 stores.
Company spokeswoman Molly Snyder told Bloomberg that it’s likely the two groups of affected individuals overlap, but to what extent is not clear at this point. Total number of consumers affected could reach 110 million.
The company also announced today that it would offer free credit monitoring and identity theft protection, however details of that program will be released next week.
“We know this incident has been a confusing and stressful time for our guests, and for that we apologize,” said Scott Kennedy, president, Finance and Retail Services at Target in a statement. “We hope this offer provides them with additional peace of mind.”
The company has indicated that attack did not affect Target Canada stores, nor did it affect purchases made on Target.com.
Some Target customers are criticizing the company’s response to the security breach. After the story broke, customers reported on Facebook not being able to reach the customer service department over the phone, not getting a timely response to emails and being unable to access the account management website for REDcard, Target’s credit card. And in one report that made headlines, an Arizona woman reported waiting on hold for nearly 6 hours on December 30 with an issue not related to the breach.
Target spokeswoman Molly Snyder said the company had begun notifying customers via email (for those addresses it had) and quadrupled the load capacity for the REDcard site (which experienced an outage on the day of the announcement). She also said that the company experienced higher than normal call volume, and was adding hundreds of staff to its call centers to respond.
StellaService Data Shows Spikes in Response Times
StellaService data for the second half of December shows increases in Total Time to Live Agent, a metric that measures how long it takes to reach a human customer service representative, including time spent navigating interactive voice response systems (IVRs).
Given the scale of this customer service challenge, Target need a swift, strategic response. The company’s announcement on December 26 that it had tripled call center support was clearly the right move given the retailer experienced unprecedented call volume that certainly affected customer service performance.
Here’s the breakdown of phone response times mapped to key dates:
Date/Event
Target’s Time to Live Agent
Average Time to Live Agent for Mass Merchant
Dec. 18: Security blogger Brian Krebs broke the story.
7m 9s
2m 41s
Dec. 19: Target issues official statement.
1m 40s
2m 35s
Dec. 20: Target publishes message from CEO Gregg Steinhafel.
Call Abandoned*
5m 6s
Dec. 23: Target doubles call center support.
3m 48s
1m 53s
Dec. 26: Target triples call center support.
Call Abandoned*
2m 19s
Dec. 27: Target announces that strongly encrypted PIN data was removed.
6m 18s
4m 45s
*In the days following Target’s announcement, our analysts were unable to reach a Target agent in four attempted interactions. StellaService Analysts abandon phone calls after being on hold for more than 20 minutes or after three unsuccessful attempts to contact the retailer (such as a busy signal, dropped call or line is down/inaccessible).
December 20: Call was disconnected on third and final attempt
December 21: Agent waited on hold for 20 minutes
December 22: Agent waited on hold for 20 minutes
December 26: Call was disconnected on third and final attempt
StellaService Analysts stress test the customer service of leading retailers on a daily basis over the phone, email and live chat. For Target, each day our analysts call the main customer support line listed on the website for online orders (800-591-3869). The company’s press release on December 19 stated that customers who suspect unauthorized activity should contact Target at: 866-852-8680, however StellaService data only reflects the main support line for online orders.
Email Support
Target experienced similar spikes in email support, particularly from December 18 to 25, the longest time for response being 2 days, 18 hours on December 23.
In the three days following the December 26 announcement that it had tripled contact center support, response times to our daily emails dropped to under two hours. However our email on December 30 required more than three days for a reply.
The Ripple Effect
The breach has impacted the customer service departments outside of retail including credit card companies, banks and credit unions. The WellsFargo.com home page currently has an alert that links to a “customer service notice regarding the Target data breach.” And in Virginia, nearly 4,000 state-issued electronic benefits cards were deactivated by the Virginia Department of Social Services as a result of the breach at Target stores.
Do You Have a Data-Breach Disaster Plan?
There’s a precedent for other retailers dealing with similar situations. And, while there’s not a blanket fix for every business, Target certainly had some best practices to lean on. They did some things right — tripling their contact center staff and building a detailed FAQ page. Still, cybercrime is likely to get more sophisticated before it goes away, so it’s paramount that Target — and all other retailers — be rigorous in planning for such a fiasco.
Reporting by Adriana Dunn.
Photo: Intangible Arts/Creative Commons.
Previously on Happy Customer:
Woman Allegedly Waits on Hold for Six Hours with Target
StellaService Study: Did Leading Retailers Deliver By Christmas as Advertised?
Sign up for the Happy Customer Weekly Newsletter.