 Ronn Torossian |
Consumers in the digital age are becoming immune to shock when data breaches occur. Mostly, they just want to know “how big,” and, especially, “did it get me?” That’s the mindset brands and businesses must face when addressing what’s beginning to feel like an inevitable PR crisis for many major retailers.
The latest big name brand to announce a data breach is fuel and convenience store chain Wawa. According to media reports, debit and credit card information might’ve been stolen from thousands of customers, beginning as early as March 2019.
Reports claim Wawa doesn’t yet know how many customers were impacted, nor to what extent. However, the company did disclose that the breach affected each of its 850 locations, both in-store and at the pump. In response, Wawa is offering free credit monitoring and identity theft prevention.
Let’s take a look at how Wawa directly responded by reviewing the company’s “open letter” to consumers, from the desk of CEO Chris Gheysens.
Gheysens started off by trying to bring people in, calling their customers “friends and neighbors,” before saying, “nothing is more important than honoring and protecting your trust…”
If a bit boilerplate, it’s a nice beginning that was followed up with a direct apology with no strings. From there, Gheysens went right to the facts: hard data, what, where and when. “Our security team discovered malware on Wawa payment processing servers on December 10, 2019, and contained it by December 12, 2019. The malware affected customer payment card information used at potentially all Wawa locations beginning after March 4, 2019.”
That’s a harsh reality, but it’s much better to put it out there plainly than to beat around the bush. People need to be able to process bad news without ambiguity and with clarity. He then quickly shifted to “at this time, we believe this malware no longer poses a risk to Wawa customers …”
This was meant to help begin to restore trust, and, mostly, to keep people from thinking: “I’m definitely not going to Wawa any time soon.” The company needs people to know they’re on top of this, and, again, making a direct statement along those lines is solid crisis PR. Then came the next two statements, which really spoke to the concerned consumer:
“I want to reassure you that you will not be responsible for any fraudulent charges on your cards related to this incident … Please review this carefully to learn about the resources Wawa is providing and the steps you should take now to protect your information.”
This is a smart, forward-thinking response to this ongoing PR crisis. Often, when people are worried and scared, all they need to hear is some direction on what to do next. This communication gave upset, angry and nervous Wawa customers quick and simple access to next steps, as well as ways to assuage some of that worry.
From there, Gheysens shifted to a more in-depth description of what happened, but answering the “what’s next” was the key to this crisis PR response.
***
Ronn Torossian is CEO of leading PR agency 5WPR.
Jonathan Halvorson, a veteran of Mondelez, Twitter and GM, is set to take the CMO post at Kenvue as it faces a Texas lawsuit about the about alleged links between its Tylenol and autism.
Cracker Barrel Old Country Store has dumped San Francisco-based Prophet, the creative consultant responsible for its disastrous logo and restaurant refresh.
A cyber incident plays by different rules. And if leaders don’t recognize those differences, their response will falter.
Discover how crisis communications has evolved and why proactive storytelling, digital strategy, and internal alignment are now essential to protecting reputation in a 24/7 media landscape.
Cracker Barrel has called in Edelman for crisis work regarding the backlash surrounding its decision to drop the “old timer” leaning on a barrel from its logo.
