Instead of basking in holiday cheer, Target Corp. is spending the crucial shopping days before Christmas dealing with probes from several state attorneys general, infuriated social media comments and customer lawsuits over a massive data breach.
In a rough year for retail, when consumers are already hesitant to splurge, the fiasco is fast becoming a nightmare.
"There's never a good time for this to happen," said Charles O'Shea, an analyst with Moody's Investors Service. "But if there's a worse time than during the holidays, I'd like to know what it is."
Target — one of the country's largest retailers — is facing accusations that it waited too long in disclosing that its system had been hacked, exposing some 40 million of its customers' credit and debit card accounts. The Minneapolis company waited until Thursday to confirm that a break-in occurred between Nov. 27 and Dec. 15.
The information was then downplayed on the retailer's website, tucked out of view at the very top of the page.
Now, potential victims have said they've been having problems reaching Target's customer service department through its website and call centers. Angry and afraid of identity theft and that scammers might siphon their money dry, they took to social media in droves to vent.
Bekah Sims Andrews complained on Facebook of waiting for 48 minutes on hold hoping to reach a Target associate before being suddenly booted off the call and hearing a busy signal.
"Are you kidding?" Andrews posted on Target's page. "This is completely unacceptable."
Target apologized with a form response, saying the delays were caused by "significantly higher volume than normal" to call centers. The retailer said it was "adding team member support and system capacity as quickly as possible," working to "build capacity hour by hour."
Georgia Slifco Parsons wrote that she had to change her checking account number because it was tied to her Target debit card. As a result, she will have to buy new checks and change the account number for every bill she pays online, she said.
"Thanks Target for this mess right at Christmas," Parsons wrote, vowing to stop shopping at the chain.
Social media bitterness isn't Target's only concern.
At least two lawsuits seeking class-action status have been filed against the retailer, and more are expected.
A California customer filed one such suit in federal court in San Francisco, alleging invasion of privacy and negligence. Jennifer Kirk said in her complaint that she is a regular Target customer and used her debit card while buying Christmas items for her family.
Kirk alleged that Target "failed to implement and maintain reasonable security procedures and practices appropriate to the nature and scope of the information compromised in the data breach." In the complaint, she also accused Target of "conveying a false sense of security to affected customers" by suggesting that the problem had been resolved.
The lawsuit lists worries that have been voiced by many Target regulars: that identity thieves could use the stolen data to take out loans, incur charges, file fake tax returns or commit immigration fraud. Kirk complained that she and any other plaintiffs "now face years of constant surveillance of their financial and personal records, monitoring and loss of rights."
And a suit filed by Orange County resident Colleen Klein accused Target of "misrepresentations, concealments and non-disclosure of its poor, substandard security practices." She believes "that a portion of the money she paid for retail products at Target was to provide for adequate security to protect her personal information and the security of the credit card she used," according to the complaint.
Separately, four state attorneys general have their eyes on Target.
In Connecticut, Atty. Gen. George Jepsen sent a letter to the retailer requesting more information on the breach. South Dakota Atty. Gen. Marty Jackley warned shoppers to stay vigilant for unauthorized charges.
New York Atty. Gen. Eric Schneiderman said he sent a letter to Target's investor relations bureau expressing concern that "there are already reported incidents of identity theft affecting New York consumers." He later said he would "continue to use every power at my disposal to determine the extent of this breach."