Target is in the middle of a retailer’s worst nightmare. During its busiest time of year, the popular brand is dealing with a data breach that compromised as many as 40 million debit and credit card accounts. Not a very merry Christmas for customers at the second-largest discount retailer in America.

It’s too late for Target to prevent the breach. But how are they dealing with the crisis from a communications standpoint?

Getting information out: Target’s done a great job informing consumers about the situation. On the homepage, there’s a special section with information about what customers should do if they find suspicious charges on their cards, with information for consumers in each state. Owning up to the mistake and providing resources will blunt consumer anger.

Provide specifics: In a statement, Target is explicit about the specific data that was stolen, the dates during which shoppers were likely affected, and that the company notified federal and state authorities once the breach was discovered. The company also lays out the steps it’s taking to find out what happened and how it will better secure its data in the future.

Reassure customers: “Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident,” Target says in a statement. Time will tell if customers think they’re sincere—especially those who may have seen their Target-administered credit cards compromised.

Get social: Target has an established presence on Facebook and Twitter, using Twitter to share the news with followers. But it took until noon for the company to post to its Facebook page, aside from form responses to customer gripes. Unwise—it’s critical to be proactive and ‘fess up.

It’s early yet, but we’d say Target it doing a decent job of handling its crisis. But, if millions of consumers find fraudulent charges in their January statements, it could get a whole lot worse before it gets better.

How can your organization prepare for a data breach? Read SM& President and Crisis Communication expert Ashley McCown’s thoughts here.