Ken Hess, a Target customer, received an update letter about the Target breach which he posted in its entirety on ZDNet. There is really nothing particularly new in the letter, other than Target says they (still) have no evidence of any misuse of their branded RED cards and only a “low amount” of misuse of their branded Visa card. The letter does not indicate how much misuse there was of other non-Target cards.
From a PR/breach response standpoint, was this letter a good idea? Almost certainly. It is reassuring in tone and tells customers how Target is working to prevent this from happening again and becoming a leader in the push for chip-and-PIN.
But as Ken Hess’s column suggests, it doesn’t really matter if he had experienced card fraud as a result of the breach. He was and is a loyal Target customer because of how the staff handled a potential public safety emergency. His loyalty is such that he even suggests Target customers each donate $1 to help Target pay for the costs of chip-and-PIN implementation.
Does anyone else see that as being over the top?