The good, the bad and the ugly of this crisis response | Media First

The good, the bad and the ugly of this crisis response

Data breaches can almost feel like an everyday occurrence at the moment, but the one which affected Capital One this week was massive.

The personal details of about 106 million people across the US and Canada were stolen in a hack.

That data included names addresses, phone numbers, bank account details and social security numbers.

The breach, which has led to an alleged hacker being arrested, is believed to be one of the largest in banking history and plunged the financial services firm into crisis media management mode.


Capital One data breach impacts millions City News Toronto

Capital One information hacked in massive data breach Time

Capital One bank face security concerns after massive data breach caused by ‘amateur’ lone hacker Daily Mail

Capital One data breach affects 106m people Financial Times


Its response, however, has been mixed.

Let’s start with the good.

One of the best parts of its statement, which you can read by clicking here, is the quote from CEO and chairman Richard D Fairbank.

It came high up in the response and displays empathy, contrition and visible leadership. It sounds sincere and shows an understanding of the severity of what has happened and the impact it will have on customers.

He said: “While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened.

“I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”

On our crisis media management courses, we discuss the importance of organisations using their crisis responses to show what action they are taking to tackle the issues and make things better for their customers.

And there were some examples of that here. The company promised to notify all those who have been affected and will provide them with free credit monitoring and identity protection.

There is also a detailed question and answer section in the statement which may tackle some of the questions from affected customers.

But it is not all good.

One of the parts which stood out for me was just how incredibly wordy the statement is. And it appears to have been written by the legal department rather than anyone in comms.

Take the opening line for example. It says: “Capital One Financial Corporation announced today that on July 1, 2019, it determined there was unauthorized (SIC) access by an outside individual who obtained certain types of personal information relating to people who had applied for its credit card products and to Capital Once credit card customers.”

It went on to talk about fixing “the configuration vulnerability”. Hardly plain English.

And worse was to follow, as some of the statement is also bizarrely contradictory and can easily be seen as an ugly attempt to spin or play down the significance of the incident.

It boldly claims that ‘no bank account number or Social Security numbers were compromised’, before adding a pretty hefty clause which says 140,000 Social Security numbers and 80,000 banks account numbers were in fact compromised. Additionally, one million Canadian Social Insurance Numbers were also compromised in the incident.

Was it hoping that people would only read the ‘no bank account number or Social Security numbers were compromised’ part of that sentence?

That sentence should really read ‘bank account numbers and social security numbers were compromised’ to create the transparency and honesty brands should strive for when managing a crisis.



After this breach it may be time for Capital One to replace its ‘what’s in your wallet slogan’ with ‘who’s been in your wallet’



Download our FREE eBook to find out more about planning for a crisis. It includes a checklist to helping you identify the right spokesperson, messaging templates and a risk register to help you identify your organisation’s vulnerabilities.


Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers. 

Click here to find out more about our journalist-led crisis communication training courses.



Our Services

Media First are media and communications training specialists with over 30 years of experience. We have a team of trainers, each with decades of experience working as journalists, presenters, communications coaches and media trainers.

Media training
Presentation skills training
Social media training
Message development and testing
Leadership communication training
Crisis communication training
Crisis management testing
Writing skills training
Video sound bites

Recommended Reading

Media Skills Training, Crisis management — 4 December by Adam Fisher

Come on Eileen – why we still show this terrible interview on our courses

Observing one of our recent media training courses, I saw an interview I hadn’t seen before. It was shown towards the end, as the course touched on crisis communication and how to manage interviews…

Crisis management — 27 November by Adam Fisher

The crisis communication lessons you can learn from an ice hockey club

You might have been expecting us to look at Jeremy Corbyn’s interview with Andrew Neil in today’s media training blog and perhaps discuss whether it was more of a disaster than Prince Andrew’s…