The bad news just keeps trickling out of Target.

Today the retailer admitted that the security breach it suffered during the holiday shopping season was nearly twice as large as initially believed. This news makes the breach one of the biggest of its kind, affecting up to 110 million Target customers.

Frankly, I believe that most consumers understand that simply possessing a credit or debit card presents a risk. I'd be willing to bet that most everyone at some point has needed a re-issued card due to a breach or potential breach, and has been understanding in these situations. But did Target assure customers that it was doing everything humanly and technically possible to restore security measures and keep their customers properly informed? That's debatable.

Donna, a Naperville, Illinois, resident who preferred not to use her last name, considers herself a frequent Target shopper but did none of her gift buying at the store this year. It wasn't the security breach itself that kept her away from one of her favorite retailers; it was Target's poor crisis management. "Target didn't release information quickly or accurately enough," she says. "In fact, banks were putting information out there about the security breach and Target denied much of it, but contradicted their denials at a later time." This consumer says that she's going to lay low until she feels confident that Target has resolved these issues.

Too Little, Too Late

The backlash on Target's Facebook page shows how much damage has been done: many customers claim that they will never return.

In an attempt at damage control the giant retailer is offering credit card monitoring to anyone who has shopped at any U.S. locations. On the website, Target's president of finance and retail services Scott Kennedy says, "We know this incident has been a confusing and stressful time for our guests, and for that we apologize. We hope this offer provides them with additional peace of mind." Mind you, this comes more than a month after the hack was initially announced.

The gesture is simply too little, too late.

"People understand things like data breaches or hackers, but what they don't understand is a company keeping information from them, potentially to increase earnings," said Joy Schoffler, principal of Leverage PR. Target claims it learned of this latest bit of information in the course of the ongoing investigation.

Preventing a breach in the first place is, of course, preferable but not always realistic. If the worst-case scenario happens, you must, must have a public relations process in place. Here's what Schoffler recommends:

  • Tear the Band-Aid off quickly: Get all of the information out there at once; letting it trickle out over time is only going to continue to refresh the negative situation in the minds of reporters and customers.
  • Let the bad news come from you: This ties into acting quickly. The longer you wait to break the news of a negative situation, the more likely news outlets and social media will break the situation for you. If at all possible, contact customers directly. At a minimum, issue a press release and a statement and be transparent in social media as well.
  • Apologize: This can't be stressed enough. It's something we all learned in kindergarten but seems to be something executives tend to forget. When you cause someone else harm or inconvenience them greatly, you apologize. Owning up to the mistake and showing remorse goes a long way in the minds of consumers.
  • Rebuild confidence: This is the hardest part and won't come quickly. Employing a public relations or marketing agency that specializes in brand rebuilding is most companies' best bet. Target is making a first attempt to regain confidence by offering a year of identity theft monitoring to those affected by this data breach. Even so, what could have been a poor-performing quarter might now turn into even more stores closing because of Target's failure to act quickly and transparently.