Your company is at the centre of one of the biggest data hacks in history.
What do you do?
How do you respond to the crisis comms incident?
Do you stay quiet, hope the hack is not as bad as is being suggested and the media attention goes away?
Or apologise, seek to reassure customers and let them know what action you are taking to protect them?
Well, for Ticketmaster – and its owner Live Nation – the answer seems to be to say as little as possible – a curious crisis media management move.
Not got time to keep reading? Listen to the blog instead
The ticketing giant has been hit by a massive cyber security attack – the BBC describes it as “one of the biggest in history in terms of global victims”.
Shinyhunter, the group claiming responsibility, says it stole the personal details of 560 million customers, including names, addresses, phone numbers and partial credit card details.
And the group are reportedly demanding around £400,000 to prevent the data from being sold.
Ticketmaster was just hacked, and more than half a billion users are affected. https://t.co/LPDQZGLbyh
— Mashable (@mashable) May 30, 2024
Ticketmaster hit by data hack which may affect 560m customers https://t.co/h9EfPgfDiQ
— Guardian news (@guardiannews) June 1, 2024
The hack was first revealed on May 28 on a forum called BreachForums.
But since then – and despite the potential scale of the hack – the company has said little about the incident.
The only comment I can find came in a filing to the US Securities and Exchange Commission - and that came after the Australian and American governments confirmed they were investigating the hacks.
It said: “We are working to mitigate risk to our users and the company, and have notified and are cooperating with law enforcement.
"As appropriate, we are also notifying regulatory authorities and users with respect to unauthorised access to personal information.
"We continue to evaluate the risks and our remediation efforts are ongoing."
That update does not confirm how many customers could be impacted. And it appears to have said nothing else before or since.
News reports on the hack end in a similar fashion. “Live Nation and Ticketmaster have yet to release a public statement addressing the breach,” TIME said. “Ticketmaster and Live Nation have been approached for comment”, reported The Guardian. “Live Nation and Ticketmaster did not immediately respond to requests for comment”, The Independent said.
There’s no mention of the hack on social media either.
Let’s compare it to how Santander responded to a hack by the same gang.
It put out a media statement where it apologised for the concern the incident would cause, quickly clarified what data had been taken and confirmed it would be contacting customers.
It said: “We recently became aware of an unauthorised access to a Santander database hosted by a third-party provider. We immediately implemented measures to contain the incident, including blocking the compromised access to the database and establishing additional fraud prevention controls to protect affected customers.
“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain and Uruguay, as well as all current and some former Santander employees of the group had been accessed. Customer data in all other Santander markets and businesses are not affected.
“No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.”
As a customer, what would you find the more reassuring response?
Ticketmaster could be doing everything right. But a crucial part of crisis management – and keeping customers on side - is letting people know you are doing the right things.
And that’s clearly missing.
Perhaps it is bogged down in the legal action it faces over competition concerns, with the US government looking to break the company up after accusing it of running an illegal monopoly over live events.
Data breaches are complicated. We get it.
They are arguably one of the more complex crises to manage. It can be unclear what has happened, and details can be slim.
But as we stress during our crisis communication training, people don’t expect you to have all the answers and information immediately..
They want to know that you are aware of the incident, that you care and are doing something about it.
And they want to know what they need to do to protect their information.
It’s information that can be pulled together now in holding statements so you can communicate quickly if your organisation does become the victim of a hack.
Data is a prized possession, and more and more businesses are finding themselves at the centre of data breaches and hacks.
As well as Ticketmaster and Santander, London Drugs – a chain in Canada – closed more than 80 stores last month following a “cyber security incident”. And they remained closed for around a week, highlighting that recovery can be protracted.
The reality is no organisation is immune from cyber threats.
Are they in your crisis plan?
Would you be able to respond quickly if you suffered a data breach?
Or would you also stay silent, allowing others to fill the vacuum?
Media First are media and communications training specialists with more than 35 years of experience.
We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.
Click here to find out more about our crisis communication training courses.
