A Crisis Communications Plan for Data Breaches

Oct 28, 2015


Data breaches are becoming more common with breaches this year in the healthcare, financial, and higher-education industries.

With a profusion of sensitive data, healthcare organizations are a prime target for data breaches, and 2015 has seen its fair share with major players like Anthem and Blue Cross among the violated.

Aside from working with your IT department to take measures to minimize your organization’s risk, you should be ready with a crisis communications plan specific to this type of situation.

Step 1: Get prepared.

Knowing how your organization will react to a data breach is essential and will expedite your response. Make sure you can answer the following questions to get the ball rolling.

  • How will the public and stakeholders be informed?
  • What other key steps need to take place immediately after the breach?
  • Who are your contacts at relevant law enforcement agencies and credit monitoring services?
  • How will legal concerns be balanced against reputational damage?
  • Does it make sense to have a seasoned PR crisis communications consultant on retainer?

Step 2: Establish the facts.

If a data breach occurs, circle up your crisis communications team—top-level executives from legal, your public relations consultants, security, IT and any other relevant departmentsand hold a meeting to establish what you know. Determine what data was compromised, who was affected, how they should be alerted, if the security hole has been patched, and what law enforcement agencies have been informed.   

Step 3: Communicate immediately and directly.

Once you know what you know, you need to inform those affected quickly and directly. You will also need to make an official statement about the event on your website and potentially to the media. But first, get in touch with those who were impacted. 

  • Be honest and straightforward.
  • Show remorse and articulate how seriously you are taking the situation.
  • Explain how the breach will affect those impacted and what they can do.
  • Answer any potential questions that you can.
  • Focus on the relationship and how you can strengthen it.

A great example of a company that reacted well in a data breach crisis is Buffer. They got ahead of the story and sent this message directly to all customers before the breach was even public knowledge.

Hi there,

I wanted to get in touch to apologize for the awful experience we’ve caused many of you on your weekend. Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now.

Not everyone who has signed up for Buffer has been affected, but you may want to check on your accounts. We’re working hard to fix this problem right now and we’re expecting to have everything back to normal shortly.

We’re posting continual updates on the Buffer Facebook page and the Buffer Twitter page to keep you in the loop on everything.

The best steps for you to take right now and important information for you:

Remove any postings from your Facebook page or Twitter page that look like spam

Keep an eye on Buffer’s Twitter page and Facebook page

Your Buffer passwords are not affected

No billing or payment information was affected or exposed

All Facebook posts sent via Buffer have been temporarily hidden and will reappear once we’ve resolved this situation

 I am incredibly sorry this has happened and affected you and your company. We’re working around the clock right now to get this resolved and we’ll continue to post updates on Facebook and Twitter.

If you have any questions at all, please respond to this email. Understandably, a lot of people have emailed us, so we might take a short while to get back to everyone, but we will respond to every single email.

– Joel and the Buffer team

Step 4: Make your official statement.

Now that you have addressed the stakeholders impacted, you can make your official statement. Publish it to your homepage above the fold and direct people to a 24/7 number or email where they can get more information.

  • Let people know what happened.
  • Be honest and compassionate.
  • Explain the consequences, what you have already done and what more you will do.
  • Answer any questions you can.
  • Provide contact information for media inquiries and for stakeholders looking for additional information.

Step 5: Monitor all social channels.

You should pin your official statement to all your social media profiles and respond to questions and negative statements as quickly as possible by arming your social team with information. Provide the team with a clear message to respond, where specific questions can be directed, a flow chart that tells them how and to whom to elevate certain issues. 

Additionally, monitor all social media channels, review sites, forums and industry blogs, to gauge online sentiment and to know when you need to jump in to shape the narrative in a positive way.

Step 6: Follow up

Continue to communicate regularly throughout the crisis and provide updates whenever possible. Have a script prepared that answers standard questions even after the initial period. Don’t respond with “no comment.”

Use your social media channels to provide information as it becomes available and be sure to update your official statement. 

The bottom line is to have a plan of action, communicate clearly and directly, and monitor online and traditional media. If your organization is without a crisis communications plan, we can help you put one together, so you are prepared should any type of crisis arise. Drop us line a line to set up a time to talk.


Maribeth Neelis


As a digital marketing strategist, Maribeth loves learning and writing about content marketing, social media, SEO, paid advertising, PR and mobile. She is obsessed with data-driven marketing and believes all online channels should be given a strategy, so engagement can be personalized and well targeted. In her free time, she likes watching science documentaries, hiking, skiing and traveling to far-flung places.

Add Pingback
blog comments powered by Disqus

Category List

Tag List

denver pr firms (2)
Instagram Story Mistakes (1)
denver crisis commuications (2)
Denver Public Relations Firms (1)
Social Media for Business (4)
Festival Crisis Communications (1)
health literacy (1)
Festival Crisis (1)
social media (4)
PR Strategy (1)
crisis public relations (5)
Denver Media Relations (1)
Denver PR Firm (23)
colorado (1)
Colorado PR Firms (1)
denver (3)
Instagram for Business (1)
Crisis Communications (19)
Event PR (2)
media relations (1)
PR (11)
Content Marketing Strategy (1)
PR Denver (11)
denver communications (2)
Colorado healthcare pr (2)
Digital Strategy (2)
colorado pr (6)
Public Relations (32)
public relations agency (5)
healthcare public relations denver (1)
denver crisis communications (2)
Event Public Relations (1)
Public Relations Firm (2)
denver healthcare pr (3)
brand public relations (2)
crisis communications denver (2)
Instagram (1)
Event Communications (2)
healthcare pr denver (3)
Denver Healthcare PR Firm (12)
Content Marketing (1)
Nonprofit public relations (1)
Public Relations Case Study (1)
Festival Communications (1)
public relations companies (3)
non profit PR agency (1)
PR Firm (9)
Denver Public Relations, Denver PR (9)
Festival PR (1)
Instagram Story Business (1)
Denver PR (19)
top denver pr firms (1)
colorado public relations (6)
search engine marketing (1)
Denver Public Relations Firm (10)
SEO (1)
event pr denver (2)
denver branding (1)
Our Clients (1)
Social Media Strategy (2)
Communication Strategy (2)
healthcare pr (9)
healthcare public relations (3)
Instagram Stories (1)
Branding (3)
denver heatlhcare pr (1)
Colorado Public Relations Firm (1)
Denver Social Media (5)
public relations denver (7)
crisis pr Colorado (4)
Law Firm PR (1)
Colorado PR Firm (5)
Colorado Crisis Communications (1)
PR Tactics (11)
healthcare AI (1)
Nonprofit PR (4)
PR agency (3)
Social Media Denver (2)
Media Relations Denver (1)
crisis PR (11)
Social Media Management (1)
healthcare (6)
Denver PR Strategy (3)
nonprofit pr denver (1)
Denver Nonprofit PR Firm (9)
Denver Public Relations (20)
Festival Crisis PR (1)
best Denver pr firms (1)
PR companies (3)
healthcare communications (1)
crisis pr denver (5)
health communications (3)
Social (1)
Public Relations Update (6)
Colorado Public Relations Firms (1)


© 2019 Pushkin Public Relations. ALL RIGHT RESERVED

Site Map