Another day and another data breach.
British Airways found itself in full crisis media management mode after becoming the latest consumer-facing organisation to lose its customers’ personal and financial data.
Around 380,000 transactions were affected by the hack of the firm’s security systems.
This embarrassing incident is the latest reputational issue to affect the airline in a matter of months.
In July, it was forced to apologise after IT issues caused dozens of flights in and out of Heathrow Airport to be cancelled.
And the month before, more than 2,000 BA passengers had their tickets cancelled because the prices were too cheap.
So how has it managed this latest crisis media management incident and what can other organisations learn from it?
Leading from the front
One of the most impressive things about the way British Airways has dealt with this crisis is the way chief executive Alex Cruz has been across the broadcast networks apologising profusely.
I’ve caught him on Radio 4’s Today programme, Sky News, ITV News, BBC Breakfast and 5 live presenting himself as the face of the crisis response.
He has sounded genuinely concerned, showed humility, and appeared to understand the difficulties the issues would cause customers. He has also been prepared to answer the tough questions.
The language he used to describe the hack was interesting. He called it a ‘sophisticated, malicious, criminal attack’. It implies that those responsible have had to work hard to penetrate BA’s security systems and that the people behind it were organised and highly-skilled.
He also included examples in his answers to show the action the company had taken to understand the scale of the incident, assess what information had been taken, and to communicate with affected customers.
This spokesman for BA on @BBCr4today has had some excellent PR crisis management training. Bravo.
— Martin Bamford (@martinbamford) September 7, 2018
Very well managed interview by @British_Airways CEO Àlex Cruz, talking about its data breach. Clear and timely updates on what happened and actions being taken.
— Maria Pagano (@Mariapa76) September 6, 2018
Good crisis management, so far. Hopefully they will be efficient in fixing the issue.
To be fair to BA, this is a masterclass in handling a data breach crisis. More companies should be getting their CEO out front and centre ASAP like this. Let's see whether it works to restore BA's reputation. #PR #reputationmanagement #crisiscommunications https://t.co/NRkydATHnI
— Grace (@gracelovesldn) September 7, 2018
He was also unequivocal on the issue of whether customers would be compensated.
He told the Today programme: “We are 100 per cent committed to compensate them. Period. We are going to work with any customer that may have been affected as a direct result of this attack and we will compensate them for any financial hardship they may have suffered.”
Interestingly, that compensation response was a lot stronger than the one he had given in an earlier interview with Sky News. There he had said: “We're interested in speaking with our customers about any potential negative effect that this event may have had on their credit card.”
This shows that he was adapting his messaging as more details about the incident emerged and was potentially reviewing interviews and looking at what went well and where he could improve.
The CEO does not always need to lead an organisation’s crisis response – sometimes other senior leaders may be better placed. But considering the scale of the incident, and the fact it followed on so closely from other damaging stories, he was absolutely right to lead this from the start.
Apology ad
The apology ad is rapidly becoming an integral part of a crisis media management response.
In the last few months Facebook and KFC have been among those to turn to full page adverts in the nation’s newspapers to apologise when things have gone wrong.
And British Airways joined this growing trend with an advert on Friday.
British Airways says sorry, again. Full page ads in newspapers today after hackers gain access to 380,000 transactions on website and app. Have you been affected? We’ll speak to BA’s Chief Executive at 0810 on @BBCBreakfast pic.twitter.com/KD2r0KW7r3
— Ben Thompson (@BBCBenThompson) September 7, 2018
It started and ended with apologies, which I liked, and there was probably just enough reassurance in there.
Personally, I think it could have been punchier and I would have opted for using the ‘sophisticated, malicious, criminal attack’ language used by Mr Cruz in his interviews – particularly as the ad then goes on to claim the company takes customers’ data ‘very seriously’.
And I would have made it more personal, making it clear that this apology came from the top, rather than ending with the British Airways logo.
Social media
You have to hand it to the British Airways social media team which appears to have been working tirelessly in a bid to individually answer the questions posted by affected customers.
It is a brave move considering the scale of traffic.
Organisations that try this during crisis media management incidents often end up producing what look like pretty robotic responses, thanks to an overuse of ctrl c and ctrl v.
British Airways, however, appears to have given its social media team the trust to adapt messages so that it appears like the responses really do come from a human.
My only criticism on social media would be whether Mr Cruz could have used his own account to post messages, or at least retweet BA ones. As I write this, his Twitter account has not been used since 20 August which slightly goes against the impression of a boss who is fully on top of a crisis.
So
As much as I liked Mr Cruz’s interviews, he does have an annoying tendency to start his responses with the word ‘so’.
For example, during the Today programme interview, he was asked how the breach was discovered and he responded: “So, we have a network of partners that are monitoring continuously what happens to websites across the world…”
It may seem like a fairly innocuous word, but used repeatedly at the start of answers it can become irritating and distracting.
It also sounds unnatural and doesn’t add anything to responses.
Well prepared
It is hard to escape the impression that a data breach crisis media management incident is something British Airways has prepared for.
It has the feel of something which has been rehearsed and practiced, enabling those involved to act quickly and with confidence during the real thing.
@British_Airways proved they had the crisis communication plan ready for such cases. Very well done, PR team. #BritishAirways #databreach https://t.co/zdERZ2KCRy
— Mikayil Hajiyev (@mhajiyev) September 7, 2018
It has to be said, the British Airways response to the hack has been nothing short of a masterclass in crisis PR. Clear, genuine and customer first.
— Greg Double (@Dubstep1988) September 7, 2018
And this is crucial.
Data breaches are so commonplace now that you not only need a crisis plan for managing one, but you also need one which has been rigorously tested. Let us know if we can help you test your crisis plan.
Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.
Click here to find out more about our practical crisis communication training.
Subscribe here to be among the first to receive our blogs.
