PR Departments Need To Step Into Security Breaches

Back in the early days of the Internet, I wrote a story for the long-departed print magazine NetGuide titled, "Is It Safe To Shop Online?" The answer was a resounding "yes" to folks who were still reluctant to type in their credit card numbers on archetypal online order forms. It was at least as safe as it was to expose your credit card number to a waiter at, say, the local Red Lobster, or to a clerk fulfilling, say, magazine subscriptions over the touchtone landline. It seems to have gotten less safe since then, not only because hackers seem all the more devious but also because we have put so much more information about ourselves into the billowing cloud of connectivity.

But has it? Or do companies need to do a better job not only by tightening security on the back end but also in facing the public relations problem head-on.

The latest breach, unveiled Wednesday evening by the Financial Times, was at Citibank which, like Sony before it, was purportedly taking its own sweet time in letting the public know that their data may have been compromised.



"Yet another hack, yet another delay in reporting it," reads a CNNMoney report, putting emphasis on the fact that Citibank says that it discovered the attack in early May. "Citigroup is the latest to report a security breach, but the hack occurred more than a month ago. It's time for companies to open up about exposures to its systems," reads the prescriptive subhed to Dan Mitchell's story.

The hack affected about 1% of its 21 million customers in North America. The hackers gained access to cardholders' names, account numbers and email addresses, but not their Social Security numbers, dates of birth, card security codes or expiration dates. The bank has mailed replacement cards to about 100,000 account holders.

"Citi said the breach affected credit card accounts only, but several people that the FT spoke to said their debit cards were compromised," writes Suzanne Kapner. "These people said they did not learn of the problem until they tried to use their cards at the weekend and had the transactions denied. Citi said it had been contacting customers whose information was involved."

Comparing Citi's delay to Sony's lag in informing customers when its PlayStation Network was breached in April by a "hacktivist" group, Anonymous, CNNMoney's Mitchell says that corporate tight-lips are becoming "a disturbingly familiar pattern."

PBS, Fox and an F.B.I. affiliate known as Infragard have also been attacked by hackers, Chris V. Nicholson and Eric Dash remind us in the New York Times. "And most worrying of all, perhaps, they compromised the security system of RSA, maker of the popular SecurID."

But, relatively speaking at least, the Wall Street Journal's Victoria McGrane and Randall Smith write that Citigroup's response appears to be "aggressive." They compare it to a situation at Michaels Stores earlier this year in which more than 100 customers didn't find out that their accounts were being looted until three months after the fact. But "once Michaels learned of the situation in May, the crafts store says it made a prompt public disclosure and replaced the equipment," they write.

The spate of cyberattacks actually may be helping marketers in that consumers are becoming inured to the news of yet-another security breach. Several experts looking at the Sony situation tell Ad Age's Marine Cole that this is indeed the case.

"The reality is companies are under attack," says Marketing Symphony founder and principal Andrew Szabo, citing Google, Epsilon Data Management and Lockheed Martin as other recent targets. "If Sony had been the only one hacked into, the impact on the brand would have been much greater. Unfortunately, they're in good company."

And just as it was when Netscape ruled the Internet and PayPal had yet to be conceived, consumers are not going to lose any of their increasingly harder-to-earn shekels.

"The good news for consumers is that any money stolen from either their credit or debit card account is recoverable," Kapner writes in Financial Times. But, as a Gartner Research analyst tells her, "The bad news is they are incredibly inconvenienced."

And who knows what havoc might be wrought if data like Social Security numbers and birth dates are stolen? Companies would be wise to get ahead of stories like these, which are inevitable, and not wait for snooping reporters to come a-pinging.

1 comment about "PR Departments Need To Step Into Security Breaches ".
Check to receive email when comments are posted.
  1. Keith Trivitt from MediaWhiz, June 10, 2011 at 3:29 p.m.

    We certainly agree with your assessment that companies would be wise to get ahead of the inevitable stories that will come out should they be the victim of a cyberattack or hack, particularly if that hack involves customer data. Being forthright and transparent in communicating to customers, stakeholders, the media and the public is not only the ethical thing for businesses to do, but it is also good business.

    Numerous studies have shown that the public and consumers respect those businesses that respect their customers' right to accurate, timely and transparent information. Businesses that do so are, in turn, often rewarded with increased brand and industry reputation and a greater level of trust among their key stakeholders, all of which have been shown to increase brand value and profits.

    There is another added benefit to companies proactively addressing hacking issues that affect their business: it allows them to disclose the information on their terms and with context that is often welcomed and necessary for customers and the public to better understand the situation and its potential ramifications. At a time of precariously low trust in global businesses, many companies would be wise to reconsider how they disclose such attacks on customer data, and take a more forthright and transparent approach to doing so.

    The business logic behind this is sound, as are the ethical components that ensure the public's best interests and trust are kept intact.

    Keith Trivitt
    Associate Director of Public Relations
    Public Relations Society of America

Next story loading loading..