Case Study Of Target's Data Breach
During, and leading up to, the recent data breach that occurred at Target, it is evident that many mistakes were made at the executive level. As any company, Target possesses a primary goal of balancing both effectiveness, and efficiency; however, the organization under CEO Greg Steinhafel did not achieve these goals simultaneously. Prior to the data breach experienced by Target, the company primarily focused on efficiency --- the act of determining and implementing the most cost effective method of utilization for products, resources, or personnel (Kinicki and Williams, 2016). This manner of management by the executives did meet the minimum requirements of cyber security set by government regulations; however, it was not not effective enough
…show more content…
to prevent hackers from infiltrating Target’s computer network. After the massive data breach, CEO Steinhafel changed his management philosophy to become effective --- the act of making the right decisions, and successfully reaching the desired results of organizational goals without regard to cost effectiveness (Kinicki and Williams, 2016). In doing so, Steinhafel acknowledged the underperforming and under developed cyber security at Target with intentions of improvements. Steinhafel also acknowledged the forty-million customers who’s information had been compromised and offered each the opportunity to enroll into Identity Theft services at the cost of Target. The management at Target failed to improve their cyber security services due to the realization that the, at the time, current measures met the requirements of government regulations. Furthermore, after the data breach, Target provided Identity Theft protection to forty-million customers regardless if their information was utilized by the thieves or not. A great balance between efficiency and effectiveness would have been to offer additional Identity Theft protection to customers who experienced actual identity theft as opposed to every consumer. The assumed sum of damages to the organization has been estimated at more than a billion dollars.
The four primary functions of management are as follows, with no precedence given: planning, organizing, leading, and controlling. During Mr. Steinhafel’s tenure as the Chief Executive Officer to Target, he exercised all of these principle functions to one degree or other. Regardless, Mr. Steinhafel allowed the company’s desire for efficiency to inevitably cost him his job. While cutting corners to save on revenue, Target as a corporation became satisfied and complacent with simply meeting the standard of government regulatory compliance on cyber security. The lack of additional security allowed hackers to infiltrate Target’s computer network via a third party vendor and steal credit card numbers and personal information from the company’s patrons. During this crisis at Target Mr. Steinhafel was faced with a number of managerial challenges, but the primary dilemma and challenges before him was that of ethical management and the internal battle of managing for happiness or meanfulness. Ultimately, Mr. Steinhafel present the general public with a statement that not only outlined the crisis but enveloped the public into a detailed explanation as to the route in which the breach occured, the number of consumers affected, and the plan developed to aid affected consumers. Mr. Steinhafel’s statement included measures that were to take place in the near future for cyber security and the means for which consumers would be able to access assistance from Target concerning identity theft protection. While the decisions made by Mr. Steinhafel may not have been within the best interest of the company’s efficiency, it was the right thing to do which displayed his devotion to ethical management and consumer trust. These decisions also showcased Mr. Steinhafel’s desire to manage in a meaningful manner as opposed to a maintaining his personal happiness. While Mr. Steinhafel found himself forced to resign his position at Target, he was able to ensure that all consumers directly affected by the breach would be financially taken care of in the event of identity theft related to the Target data crisis.
The three key managerial roles, interpersonal, informational, and decisional, each have sub-roles associated with them based off of the Mitzberg Roles. I believe that Mr. Steinhafel exhibited traits from multiple sub-roles, each belonging to one of the three key managerial roles. For example, within the interpersonal key role, Mitzberg states that there are figurehead, leader, and liaison roles (Grover, Jeong, Kettinger, & Lee, 1993, p.111). Within this key role, Mr. Steinhafel displays competency and desire in the field of a leader’s role, as well as a figurehead. It was common for Target store associate to report spotting Mr. Steinhafel rummaging through local and remote Target retail outlets. On one occasion, it is noted that Mr. Steinhafel confronted a retail manager that was exchanging emails on her phone. During the exchange with Mr. Steinhafel and the manager, he requested that the manger actively attempt to engage in the present and not her phone. Furthermore, while being inclusive of the data breach crisis that ravaged Target revenue, Mr. Steinhafel wore the masks of all the sub-roles within the Informational key role. When utilizing Mitzberg’s definition of monitor, disseminator, and spokesman roles, Mr. Steinhafel was able to fulfill each of roles ,and during the darkest of times, he fulfilled them all simultaneously. Lastly, Mitzberg described the third key role, decisional, utilizing four different sub-roles. Of these four, Mr. Steinhafel showed great leadership in the roles of resource allocator and disturbance handler. As a resource allocator, Mr. Steinhafel assured all consumers affected by the data breach that they would never be held liable for any damages, and that Target would allocate their resources to ensure Mr. Steinhafel’s promise. This was one major decision concocted and carried out by Mr. Steinhafel in regards to the data breach in his effort to minimize damage to the organization's reputation and patronage in his role as a disturbance handler.
If I were a consultant hired to help Target executives deal with a crisis such as the data breach that occurred I would focus on the resources that are available to the senior management of Target.
One of the most important resources that a store can have is their reputation. This means the reputation of the brand itself and of the managers that run the stores and the upper managers that run the company (Sohn & Lariscy, 2012). In this case, Target’s brand reputation has come under fire due to a data breach that allowed thousands of Targets customers information to be stolen, including credit card numbers, email addresses, and even physical addresses. This made customers feel unsafe using their cards at target stores due to identity theft. Then the CEO was honest with the public about what was happening and how the corporation was going to deal with it. There were many different spins to the story and how he actually handled the crisis. I do believe that he took the right approach of being honest with the public because if he had tried to hide it and it leaked out it would have ruined the reputation of the brand and the leaders of the brand. When advising senior management o how to handle this I would suggest that they stayed as honest as possible with the public and promoted their reputation as it directly affects sales across the country. I would advise them to focus on that aspect that their team is being honest with the public and that they wish to keep customers in the loop about how they are fixing the situation and how they intend on keeping it from happening again in the future. I would advise the team to possibly create some type of survey that could be sent out and analyzed to customers on what they believed would be the best approach to fixing this brand reputation and what would make them feel secure again shopping in their stores. This could help senior leaders develop new ways to advertise and build brand loyalty back into the
company.
to prevent hackers from infiltrating Target’s computer network. After the massive data breach, CEO Steinhafel changed his management philosophy to become effective --- the act of making the right decisions, and successfully reaching the desired results of organizational goals without regard to cost effectiveness (Kinicki and Williams, 2016). In doing so, Steinhafel acknowledged the underperforming and under developed cyber security at Target with intentions of improvements. Steinhafel also acknowledged the forty-million customers who’s information had been compromised and offered each the opportunity to enroll into Identity Theft services at the cost of Target. The management at Target failed to improve their cyber security services due to the realization that the, at the time, current measures met the requirements of government regulations. Furthermore, after the data breach, Target provided Identity Theft protection to forty-million customers regardless if their information was utilized by the thieves or not. A great balance between efficiency and effectiveness would have been to offer additional Identity Theft protection to customers who experienced actual identity theft as opposed to every consumer. The assumed sum of damages to the organization has been estimated at more than a billion dollars.
The four primary functions of management are as follows, with no precedence given: planning, organizing, leading, and controlling. During Mr. Steinhafel’s tenure as the Chief Executive Officer to Target, he exercised all of these principle functions to one degree or other. Regardless, Mr. Steinhafel allowed the company’s desire for efficiency to inevitably cost him his job. While cutting corners to save on revenue, Target as a corporation became satisfied and complacent with simply meeting the standard of government regulatory compliance on cyber security. The lack of additional security allowed hackers to infiltrate Target’s computer network via a third party vendor and steal credit card numbers and personal information from the company’s patrons. During this crisis at Target Mr. Steinhafel was faced with a number of managerial challenges, but the primary dilemma and challenges before him was that of ethical management and the internal battle of managing for happiness or meanfulness. Ultimately, Mr. Steinhafel present the general public with a statement that not only outlined the crisis but enveloped the public into a detailed explanation as to the route in which the breach occured, the number of consumers affected, and the plan developed to aid affected consumers. Mr. Steinhafel’s statement included measures that were to take place in the near future for cyber security and the means for which consumers would be able to access assistance from Target concerning identity theft protection. While the decisions made by Mr. Steinhafel may not have been within the best interest of the company’s efficiency, it was the right thing to do which displayed his devotion to ethical management and consumer trust. These decisions also showcased Mr. Steinhafel’s desire to manage in a meaningful manner as opposed to a maintaining his personal happiness. While Mr. Steinhafel found himself forced to resign his position at Target, he was able to ensure that all consumers directly affected by the breach would be financially taken care of in the event of identity theft related to the Target data crisis.
The three key managerial roles, interpersonal, informational, and decisional, each have sub-roles associated with them based off of the Mitzberg Roles. I believe that Mr. Steinhafel exhibited traits from multiple sub-roles, each belonging to one of the three key managerial roles. For example, within the interpersonal key role, Mitzberg states that there are figurehead, leader, and liaison roles (Grover, Jeong, Kettinger, & Lee, 1993, p.111). Within this key role, Mr. Steinhafel displays competency and desire in the field of a leader’s role, as well as a figurehead. It was common for Target store associate to report spotting Mr. Steinhafel rummaging through local and remote Target retail outlets. On one occasion, it is noted that Mr. Steinhafel confronted a retail manager that was exchanging emails on her phone. During the exchange with Mr. Steinhafel and the manager, he requested that the manger actively attempt to engage in the present and not her phone. Furthermore, while being inclusive of the data breach crisis that ravaged Target revenue, Mr. Steinhafel wore the masks of all the sub-roles within the Informational key role. When utilizing Mitzberg’s definition of monitor, disseminator, and spokesman roles, Mr. Steinhafel was able to fulfill each of roles ,and during the darkest of times, he fulfilled them all simultaneously. Lastly, Mitzberg described the third key role, decisional, utilizing four different sub-roles. Of these four, Mr. Steinhafel showed great leadership in the roles of resource allocator and disturbance handler. As a resource allocator, Mr. Steinhafel assured all consumers affected by the data breach that they would never be held liable for any damages, and that Target would allocate their resources to ensure Mr. Steinhafel’s promise. This was one major decision concocted and carried out by Mr. Steinhafel in regards to the data breach in his effort to minimize damage to the organization's reputation and patronage in his role as a disturbance handler.
If I were a consultant hired to help Target executives deal with a crisis such as the data breach that occurred I would focus on the resources that are available to the senior management of Target.
One of the most important resources that a store can have is their reputation. This means the reputation of the brand itself and of the managers that run the stores and the upper managers that run the company (Sohn & Lariscy, 2012). In this case, Target’s brand reputation has come under fire due to a data breach that allowed thousands of Targets customers information to be stolen, including credit card numbers, email addresses, and even physical addresses. This made customers feel unsafe using their cards at target stores due to identity theft. Then the CEO was honest with the public about what was happening and how the corporation was going to deal with it. There were many different spins to the story and how he actually handled the crisis. I do believe that he took the right approach of being honest with the public because if he had tried to hide it and it leaked out it would have ruined the reputation of the brand and the leaders of the brand. When advising senior management o how to handle this I would suggest that they stayed as honest as possible with the public and promoted their reputation as it directly affects sales across the country. I would advise them to focus on that aspect that their team is being honest with the public and that they wish to keep customers in the loop about how they are fixing the situation and how they intend on keeping it from happening again in the future. I would advise the team to possibly create some type of survey that could be sent out and analyzed to customers on what they believed would be the best approach to fixing this brand reputation and what would make them feel secure again shopping in their stores. This could help senior leaders develop new ways to advertise and build brand loyalty back into the
company.