It’s not their fault, but companies still have to apologize for massive data breach

It was the data breach heard around the world.

Millions of people’s email information was stolen in a massive security breach after hackers made their way into email marketing firm Epsilon Data Management’s systems. They only got names and email addresses – but just enough information to use to trick people with “phishing emails.”

It has been a test in reputation management for some of the biggest and most public companies, including Best Buy, Citi Bank, Verizon and Target. While they didn’t really do anything wrong, they are still faced with answering to their customers. Passing the buck doesn’t really work in this instance, after all, they hired the company that lost the information.

The swank Ritz-Carlton Hotel Company sent an email to its customers informing them of the breach, saying very contritely: “We take your privacy very seriously. The Ritz-Carlton has a long-standing commitment to protecting the privacy of the personal information that our guests entrust to us. We regret this has taken place and apologize for any inconvenience.”
They also created a FAQ page to further address concerns by their customers. Aside from the FAQ, most of the companies used a similarly worded response.

For Epsilon’s part, it offered an apology from its president Bryan J. Kennedy: “We apologize for the inconvenience that this matter has caused consumers and for the potential unsolicited emails that may occur as a result of this incident. We are taking immediate action to develop corrective measures intended to restore client confidence in our business and in turn regain their customers’ confidence.”

Even Epsilon’s parent company, Alliance Data, offered a statement from its CEO Ed Hefferman: “We fully recognize the impact this has had on our clients and their customers, and on behalf of the entire Alliance Data organization, we sincerely apologize.”

Epsilon’s first release came out last Friday, and was a paltry 61 words, saying a “subset” of customers’ data was exposed. Thankfully, a more complete release came out on Wednesday that was about 550 words and fortunately did not use the term “subset.”

Waiting didn’t seem to hurt ADS’s stock price. On Friday, it closed almost unchanged from a week ago, after slipping about $5 when the media caught wind of the story on Monday.

Unlike the Ritz, it did not include a FAQ, although that would have been helpful. And given the massive number of people affected, a separate web page addressing the issue would have made sense.
In this instance, the more information the better, with regard to repairing or preserving reputations.

~ Gil Rudawsky

Leave a Reply

Your email address will not be published. Required fields are marked *


Time limit is exhausted. Please reload CAPTCHA.