On Dec. 18, news broke that Target witnessed unauthorized access to payment card data across its U.S. stores. Security expert and blogger, Brian Krebs, broke the news on his blog.
Since then, it’s been a full-blown reputation and operations crisis for Target–over the holidays and arguably the retailer’s most important shopping period of the year.
If you’ll remember back to October, tech start-up Buffer experienced its own crisis of sorts when many Buffer accounts were hacked (on a weekend, no less). I blogged about how Buffer handled the crisis from a communications standpoint–which they did very well.
Even though these two companies are worlds apart in terms of size, revenue and years in business, I think there are some key lessons we can all learn around how they both handled (or, in Target’s case, ” are handling”) their respective crisis situations.
Response time after the initial news breaks is critical
It took Buffer all of an hour to respond publicly to its hack. Target (at least publicly on Twitter/Facebook) took more than 24 hours after news of the breach “broke” on Krebs’ blog. Now, Target has a lot more to deal with internally when it comes to crafting and disseminating a response–I’ve been on that side of the table and can respect the limitations. But, the reality in today’s world is 24 hours is an eternity. Did it cost Target? Maybe–maybe not. But it certainly left the door open for others to control the narrative early on. Buffer, by contrast, was right out in front of the hack before most people even knew their accounts were compromised.
A simple apology can go a loooooong ways
One thing I’ve noticed about Target’s communications since the breach–there has been no public apology. Not one sorry from anyone on the Target side (again, that I’ve read or seen). Now, I have a feeling that may have to do with legal issues, and you just never know what goes on behind close doors in these types of situations. But you’ll also notice how many times Buffer said sorry early on in its communications (twice just in this one Facebook post above). That entire weekend, Buffer was continually apologizing for the hack. And you know what? That was one of the things users appreciated the most (and they told Buffer as much on Facebook and Twitter).
Use one spot online as your crisis “home base”
Here’s another thing Buffer nailed (in my view)–they used ONE spot online (their blog) as THE place to go for information about the hack. They shared all news of the hack here. Gave instructions to users about how to get accounts back up-and-running. And updated it frequently. So, if you were a Buffer user, you KNEW you could expect up-to-date information about the hack on the blog. And ONLY on the blog.
Target, on the other hand, has taken a different approach. They’ve used multiple spots online to update and refer people. They’ve used their BullseyeView blog, pages on Target.com and even their online media room. I’m not sure Target’s approach is “wrong” in any way, but I certainly thought Buffer’s approach of posting all news and information about the crisis in one spot worked awfully well.
Does a CEO on Twitter help you during a crisis?
Joel Gasciogne, CEO of Buffer, leads a start-up of less than 20 employees. Gregg Steinhafel, CEO of Target, leads a team of 361,000 staff. So, there’s no doubt the two live in vastly differently worlds. And, they undoubtedly also face vastly different pressures (Target is a publicly-traded company, for example, which brings all sorts of issues to the table). And, in crisis situations, they both show up much differently online. Joel was out in front of the Buffer hack from the get-go, often times using his personal Twitter account to respond to users. He signed off on emails and Facebook posts. He was taking responsibility.
Mr. Steinhafel, not surprisingly, has no Twitter account. I say “not surprisingly” because there aren’t many Fortune 100 company CEOs who do have a Twitter account. And, I’m not necessarily sure that’s not such a bad idea. But, that does limit Target’s opportunities in a situation like this. You can see them trying, with the short videos of Mr. Steinhafel in his initial blog post on Bullseye View. But ultimately, I’m not sure those work quite the same way as Gasciognie’s responses on Twitter and Facebook. Not sure there’s much Target could have done here, but I thought it was worth pointing out the effect an authentic, nimble and responsive CEO had using online channels in a crisis situation.
Update your audiences–frequently
This is where Buffer really excelled–and it’s a crisis communications 101-type issue. Update your audiences–frequently–during tough times. It may not always feel right–heck, most companies seem to think crisis situations will go away on their own. But, for Buffer that meant hourly (if not more frequent) updates around what was happening and why. If you were a Buffer user during the hack, one thing you could NOT complain about was a lack of information.
Target seems to be doing a pretty solid job here as well. Updating people on new news and information. They’ve been updating their Facebook page regularly, with updates, FAQs and additional links to even more information (and responding and chiming in often in the comments of those posts with facts and information). They’re responding to questions and inquiries on Twitter–at least as much as they can from what I can tell. From all accounts, they seem to be updating folks as often as they can, too.
Bottom line: Just solve the problem
The bottom line in crisis like these is often quite simple: Solve the problem. In Buffer’s case, they managed to fix the hack by the end of the weekend (less than 48 hours by my count). In the meantime, they kept people up-to-date via email, Facebook, Twitter and their blog–all channels they knew their customers were using. Target, unfortunately, is still trying to fix its problem. Granted, Target’s problem is much more complicated than Buffer’s, so we’ll have to see how the next week or so plays out to see if/how Target resolves it.