Unless you’ve been on polar bear research sabbatical in an igloo on Novaya Zemlya for the past couple of weeks, you’ve certainly heard of the Epsilon data breach that exposed millions of email addresses. Examining how the email service provider’s client corporations informed their affected customer subscribers can shed some light on how companies can best react if PRmageddon hits.

Epsilon’s Data May Have Been Left Unencrypted
On March 30, unauthorized individuals managed to obtain several million names and email addresses from Epsilon, a service provider that conducted email marketing on behalf of some of the world’s best-known corporations, such as Disney, Capital One and Best Buy. The concern is that this data will be used in phishing attacks where unsuspecting individuals could be conned out of critical information, home addresses, and social security and credit card numbers. Epsilon has not released any information as to how this breach occurred, but many security experts claim that the data was left on the service provider’s servers in a vulnerable, unencrypted form.

All of the brands involved sent out emails to advise their customers of this breach, but what was telling was the content of these messages. Brookstone, Chase, Ethan Allen, Kroger, Target, Tastefully Simple and Walgreens were among the corporations expressing regret or sorrow and sincerely apologizing to their subscribers while making it clear that the breach was completely out of the company’s control.

Beachbody & Kroger Had the Best Notifying Email Messages
One of the most detailed and penitent messages was issued by Beachbody, which not only included the statement “we regret that this incident has occurred and apologize for any inconvenience this may cause you” but also provided a primer on how to stay safe from phishing attacks and an email address in the body of the text that subscribers could use to ask questions. Kroger showed remarkable class as it was the only company that did not name Epsilon at all and only referred to the responsible party as “someone outside of the company.”

Some Brands Failed to Apologize to Their Customers at All
Not all brands handled the Epsilon debacle as courteously as Beachbody and Kroger. Ethan Allen blamed Epsilon by name three times in the first two paragraphs of the notification email. Some companies did not offer any element of apology or display any degree of contrition, among them a renowned bank, hotel chain, bookseller and retail TV network. Surprisingly, these major corporations disregarded one of the most basic tenets of crisis management, which is to engage immediately in a profound and transparent process of apology and commiseration with the impacted parties. A terse paragraph informing your customers that their data has been purloined and that it’s not your fault can be interpreted by your subscribers as an insensitive or outright arrogant form of buck-passing. After all, your customers gave you permission to send them emails and may not even be aware of the existence of email service providers.

One Company Had to Apologize Twice!
Showing that there is a human side to your brand and demonstrating that you are taking serious steps to ensure that this does not happen again is going to build trust and confidence among your shaken customers. That is one of the main reasons why during crisis management time it is eminently important to ensure that all communications to your subscribers are vetted and triple-checked by top management. As soon as the breach became public knowledge, a major cruise company fired off an email to all of its affected subscribers that was empty! They then had to scurry to send off a second email apologizing for the empty email and then apologizing again for their customers’ information being compromised. Could any subscriber receiving that email be reassured of this company’s competence?

Your customers are very concerned about the handling of their personal data and should your brand ever be involved in a debacle of this magnitude, the best policy is always to be professional, magnanimous and considerate, while commiserating and apologizing profusely. If you truly love your email subscribers, you will say you’re sorry!