Blog — The Snow Report
Sony’s Data Breach and Crisis Communications
Posted on May 3, 2011 by admin
The Sony public relations team finds itself in the midst of a very difficult situation these days. Hackers have broken into the PlayStation Network, its digital media and online gaming delivery service, possibly stealing sensitive customer data. With 77 million users, this could be one of the largest data breaches in history. The entire network has been offline for 13 days (and counting) while Sony assesses the damage and improves its own security by rebuilding the entire network from the ground up. In the meantime, Sony is dealing with furious customers, a sliding stock, at least one class action lawsuit, and no shortage of bad press.
It doesn’t help that Sony waited until six days after the breach to warn that customer banking information may have been compromised. That’s an eternity, both in terms of credit theft and crisis communications.
The key to effective crisis communications is to have a plan in place that allows for swift communication in the event of an incident, even while the damage is still being surveyed. Otherwise the public impression is that the company is dragging its feet (regardless of whether scores of employees are working 80 hours per week to fix the problem). Communicating before the extent of the damage is fully understood is difficult and uncomfortable. But it’s still better than remaining silent while hoping the IT team doesn’t turn up anything else.
A pre-developed crisis communications plan identifies spokespeople, key publics and preferred mediums. It allows for swift, centralized responses that minimize rumors and address key concerns. Perhaps most importantly, it anticipates various crises and the best response methods for each. Naturally, some details have to be filled in later because every crisis is unique, but in the age of social media every hour saved is crucial.
The Sony communications team deserves some credit for its handling of the situation so far – the PlayStation blog has posted numerous updates and alerts over the past week. The company posted a formal statement detailing actions being taken. But by delaying its admission of the most damaging details (that user credit card data may have been compromised) for nearly a week, Sony made a bad situation even worse.