When a major credit checking agency (well, the major credit checking agency) experiences a data breach, it’s not just its reputation on the line, but that of its client.
T-Mobile USA has been dealing with a crisis not of its own making over the past few days. Credit agency, Experian reported a data breach exposing 15 million records of T-Mobile USA customers (who made applications between 1st September 2013 and 16th September 2015).
The hack exposed the names and addresses of customers and their dates of birth. More sensitive data, such as social security numbers, was also taken. Although the data was encrypted, there are fears that the hackers may be able to break the encryption.
While Experian’s statement did include an apology, it remained very factual and precise. This is what happened, and this is what we are doing about it.
T-Mobile’s statement is much more expressive, and provides its customers with more details as to where to go for more information and how they can help monitor their credit. Most importantly, even though it had nothing to do with the breach, T-Mobile tried to reassure its customers that if they had any questions or concerns, it would endeavour to answer them.
Meanwhile, reports are circulating that the financial details of T-Mobile USA customers are already for sale online, while Experian states that its investigation (to date) has found no evidence credit card details were compromised.
While it’s true that T-Mobile had no power over the hack, it doesn’t mean it’s free from the reputational impact of the event. Both businesses experienced a dip in share prices after the announcement.
The company has, however, been quick to help its customers. The CEO even took to social media to reply to questions and post updates.
What can other brands learn from this crisis?
Just because the crisis was created by a partner or other external organisation or event, it doesn’t mean your business can’t take action. In this case, your business needs to act as the defender of its customers. What steps can be taken, what actions are within the businesses power to correct any problems and ensure they are not repeated?
Communicate through the crisis
The crisis may not be your responsibility, but it affects your customers, and they will still turn to you for clarification and guidance. It’s the businesses responsibility to liaise with the other organisations involved and keep its own customers informed.
Don’t hide behind corporate speak
T-Mobile hasn’t just been keeping lines of communication open, its CEO has been posting updates to social media and replying to people directly. He’s not copy and pasting the same tired corporate statement either, but posting in his own words and taking the time to read and respond to what people are actually saying. Listening is about much more than hearing what people are saying and telling them what they want to hear, it’s about understanding concerns and taking action.
Have a plan
A lot of crisis planning revolves around internal issues – a rogue employee, or a product recall for example – but what happens when it’s a partner, or another external agency at fault? The brand can’t simply sigh in relief and go about business as usual. Crisis planning and preparation needs to account for this scenario. What role will the business fulfil during the crisis? How will it address the issue in the media? How will it ensure that internal teams have all the latest information from the third party? These are all issues that need to be considered before the crisis hits (and, ideally, the team needs to practice how it will respond in the moment, hence the need for simulations in a safe, closed environment.)
T-Mobile has done a good job in handling the crisis so far, can you say that your organisation would do the same?