The good, the bad and the ugly of this crisis response

Data breaches can almost feel like an everyday occurrence at the moment, but the one which affected Capital One this week was massive.

The personal details of about 106 million people across the US and Canada were stolen in a hack.

That data included names addresses, phone numbers, bank account details and social security numbers.

The breach, which has led to an alleged hacker being arrested, is believed to be one of the largest in banking history and plunged the financial services firm into crisis media management mode.


Capital One data breach impacts millions City News Toronto

Capital One information hacked in massive data breach Time

Capital One bank face security concerns after massive data breach caused by ‘amateur’ lone hacker Daily Mail

Capital One data breach affects 106m people Financial Times


Its response, however, has been mixed.

Let’s start with the good.

One of the best parts of its statement, which you can read by clicking here, is the quote from CEO and chairman Richard D Fairbank.

It came high up in the response and displays empathy, contrition and visible leadership. It sounds sincere and shows an understanding of the severity of what has happened and the impact it will have on customers.

He said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

On our crisis media management courses, we discuss the importance of organisations using their crisis responses to show what action they are taking to tackle the issues and make things better for their customers.

And there were some examples of that here. The company promised to notify all those who have been affected and will provide them with free credit monitoring and identity protection.

There is also a detailed question and answer section in the statement which may tackle some of the questions from affected customers.

But it is not all good.

One of the parts which stood out for me was just how incredibly wordy the statement is. And it appears to have been written by the legal department rather than anyone in comms.

Take the opening line for example. It says: “Capital One Financial Corporation announced today that on July 1, 2019, it determined there was unauthorized (SIC) access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital Once credit card customers.”

It went on to talk about fixing “the configuration vulnerability”. Hardly plain English.

And worse was to follow, as some of the statement is also bizarrely contradictory and can easily be seen as an ugly attempt to spin or play down the significance of the incident.

It boldly claims that ‘no bank account number or Social Security numbers were compromised’, before adding a pretty hefty clause which says 140,000 Social Security numbers and 80,000 banks account numbers were in fact compromised. Additionally, one million Canadian Social Insurance Numbers were also compromised in the incident.

Was it hoping that people would only read the ‘no bank account number or Social Security numbers were compromised’ part of that sentence?

That sentence should really read ‘bank account numbers and social security numbers were compromised’ to create the transparency and honesty brands should strive for when managing a crisis.



After this breach it may be time for Capital One to replace its ‘what’s in your wallet slogan’ with ‘who’s been in your wallet’.



Download our FREE eBook to find out more about planning for a crisis. It includes a checklist to helping you identify the right spokesperson, messaging templates and a risk register to help you identify your organisation’s vulnerabilities.


Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers. 

Click here to find out more about our journalist-led crisis communication training courses.



Our Services

Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.

Online learning
Training by videoconference
Media training
Message development and testing
Presentation skills training
Crisis management testing
Crisis communication training
Leadership communication training
Writing skills training
Social media training
Video sound bites
Identifying positive media stories
How to film and edit professional video on a mobile
Media skills refresher
Media skills
TV studios
Crisis communications
Presentation skills and personal impact
Media training NEW21
Ways - Online learning
Ways - Videoconference
Ways - Blended
Ways - In-Person

Recommended Reading

Crisis management — 4 March by Adam Fisher

The picture that went viral and destroyed a reputation

Few people without an interest in horse racing would have heard of Gordon Elliott until recently. But one viral image has ensured he is now known across the world. And not for the reasons he, or…

Crisis management — 2 March by Adam Fisher

5 poorly handled crisis incidents and the lessons you can learn from them

We recently looked at some crisis media management incidents that had been handled well. But what about those responses which were not managed quite so successfully? In this blog, we are going to…