A study in contrast: TJX and Hannaford

Without a doubt, the two biggest news-making retail breaches in the past year were TJX and Hannaford.

TJX lost as little as 11 times and as much as 25 times more records than Hannaford, but both merchants suffered massive hacker attacks that resulted in endless news stories, federal investigations and costly lawsuits. We've covered that sort of collateral damage ad nauseam in the online pages of SC Magazine, so I'll spare you.

What I want to talk about today is the spectacularly contradictory ways the two retailers have handled their public relations since the breach.

TJX, from the start, has never admitted to doing anything wrong. Sure, the Framingham, Mass.-based discount clothing merchant issued an apology to customers, saying they were sorry for any inconvenience lobbed customers' way, but they never talked in detail about how the breach occurred.

Others speculated; TJX never confirmed.

Maine-based Hannaford, on the other hand, has embodied transparency. They issue press releases. They make their spokespeople readily available. They explain how it happened (malware planted on servers). Heck, yesterday, they got their CEO and CIO on the phone with reporters to candidly - as much as they can considering the ongoing investigation - talk about the breach and mention specific solutions they are deploying to mitigate future risk.

They are contrite.

TJX, if they are sorry, are not letting anyone know about it.

Here are two contrasting approaches for dealing with one of the biggest challenges either company has ever faced.

It appears that TJX has failed miserably, whereas Hannaford took a low point and turned it into a study in effective crisis response.

But, at the end of the day, I'm not so sure whose approach is best.

TJX never lost customers. It skated past any major lawsuit settlements.

Perhaps TJX executives knew in the back of their minds that there was no way their customers were going to abandon them. After all, where else can you get a designer tie for $15 (Marshalls) or a brand-name dress for $25 (T.J. Maxx)?

So the powers-that-be decided they should apply the "Goodfellas" approach, namely "Never admit to nothing" and "Always keep your mouth shut."

Perhaps Hannaford wasn't afforded such a luxury. There were other options for their customers. Other grocery chains that offered similar prices and similar selections. So they had to respond in a different kind of way, with openness.

We hear so much these days about how everyone's biggest fear is landing on the front page of the Wall Street Journal - hey did you forget about SC Magazine? - or in front of the cameras of CNN, where they are left explaining how they just lost millions of sensitive customer records.

We've read studies about how customers swear they will never shop at a compromised company again.

Then, I look at TJX, and I wonder if all the effort to communicate and apologize really means anything, whether poll respondents are just saying what they think is right and whether, in the end, it's just too much effort to get up and leave.

Tell me I'm wrong, please.
