The New York Times (NYT) is known as the Gray Lady due to its tradition of focusing on words rather than pictures in its 160 years of print publishing. Generally acknowledged as one of the world’s leading newspapers, it has a tradition for journalistic excellence unparalleled by many news organizations. The august standing of this journalistic institution was called into question when the NYT recently committed a blunder that was equally unparalleled: They sent an email – that was intended for about 300 subscribers who had just cancelled – to their entire database of over eight million people! Their screwup was compounded when they fumbled the explanation in a textbook example of what email marketers should not do when in damage control mode.
Email Intended for 300 Sent to 8.6 Million
It is very common for subscriber-based periodicals to have an email that offers to lure cancelling customers back to the fold. The NYT offered an exclusive 50% discount on a renewal subscription to a few hundred lapsers, but the email ended up being delivered to 8.6 million people who had not cancelled anything, setting off a flood of calls to the email’s toll-free number and an extremely embarrassing situation for the highly distinguished newspaper.
Could Epsilon Have Been Hacked… Again?
The paper quickly posted a warning on its Twitter account: “If you received an email today about canceling your NYT subscription, ignore it. It’s not from us.” This led various industry observers to indicate that it might have been a hack, and pointed to the feasibility that Epsilon, the NYT’ email service provider, had succumbed to a repeat of the infamous security breach of April 2011, which saw millions of customer records appropriated from some of America’s largest corporations.
As it turned out there was no hacker involvement in this fiasco at all, as it was actually a Times employee who committed the epic mistake of sending a renewal email intended for 300 subscribers to nearly nine million email addresses. The entire mess was similar to the “whoops” scenario when you hit Reply All with a message intended for a single individual, but in this case the All was nearly nine million individuals all over the world who had previously submitted their email addresses to the NYT.
By the time that the newspaper’s management had to face facts and issue a retraction of their earlier statements of claimed innocence, the damage was done. A total of 8.6 million email addresses had been effectively spammed by the NYT with a lucrative offer that the company could not possibly afford to honor for all of the people who received the proposal. Many industry observers criticized every aspect of this massive bungle. First of all, how did a Times employee manage to mistake a list of 300 with one nearly 30,000 times larger? Then, when the deed was done, what was the criteria applied by the newspaper to claim that they had no responsibility for it, pointing fingers at some unknown (and as it turns out non-existent) nefarious entity?
Damaging Knee-Jerk Reaction
The basic tenets of damage control in the internet age are to react swiftly with total transparency. Whether or not the NYT was aware that there was no hacker at work when they issued their first dismissive tweet is irrelevant. For one of the grandest journalistic luminary organizations with an impeccable reputation, built on generations of ensuring that facts are double and triple checked before publication, it was a knee-jerk reaction of the worst possible kind.
The lessons that email marketers can learn from the NYT snafu are not limited to simply reiterating the absolute necessity to be honest and forthcoming at the first hint of a foul-up. Equally important are the actual policies in place surrounding your entire online campaign. It is not outside the realms of possibility that a disgruntled Times employee decided to give the Gray Lady a Black Eye. Implementing a meticulous process where email sends are pre-approved by at least one supervisor could save your company from a similar loss of reputation.