September 11, 2019
Capital One Directly Addresses Data Breach
Chances are, you’ve heard about the Capital One data breach. What you may not have seen, heard, or read is Capital One’s specific “what’s next” statement related to the breach. Let’s walk through it.
First, the company discloses the facts of the situation: they determined there was a potential data breach on July 19. 2019. In the disclosure, Capital One states: “an outside individual gained unauthorized access and obtained personal information about customers and applicants…”
Leading with the bad news in a clear, concise way. Difficult, but strong. They followed that up with explaining what the company has done in response:
“Capital One immediately fixed this issue and promptly began working with federal law enforcement. The person responsible was arrested. Based on our analysis, we believe it is unlikely that the information was used for fraud… However, we will continue to investigate.”
This statement was meant to allay fears and instill confidence. Something bad happened, but they got right on top of it, captured the Bad Guy, and stopped what could have been something much, much worse, probably. Of course, while appropriate, that kind of fact-based statement isn’t always good enough for a public that is, understandably, freaking out over the possibility that their personal data is exposed. This kind of emotional fear and worry requires a personal response. Cue, Chairman, and CEO Richard Fairbank:
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what happened… I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right…”
Here, we have an acknowledgment, again, that the Bad Guy was taken down. However, we also have a sincere apology, as well as recognition that, for many people, this incident is not over. Statements like “causing understandable worry” indicate an understanding that this will be an ongoing issue for some people for the foreseeable future.
Anything missing? Yes. A concrete vision for what comes next. To that end, Capital One says: “Safeguarding information is essential to our mission… We have invested heavily in cybersecurity and will continue to do so. We will incorporate what we learned from this incident to strengthen our cyber defenses.”
The statement follows this reassurance with a detailed breakdown of how many people may have been impacted and, in general, where. Additionally, they disclose that “no credit card numbers or login credentials” were compromised. This fact is meant to reassure before disclosing specifics about what was gathered, which is necessary bad news. Finally, the company closes with an invitation to reach out, if people have questions or concerns which, of course, they do. From there, Capital One needs to deliver good service. If they do, the brand might turn some frustrated customers back into fans.
Ronn Torossian is the CEO and Founder of 5W Public Relations.