Proactivity, openness and honesty has stood British Airways in good stead over the last week. While good communications can’t solve a data breach crisis, British Airways’ textbook approach to their crisis management plan has helped minimise the damage to its reputation as it faced criticism head on.
Read how it has communicated through the crisis so far, an analysis by The Social Element’s Strategy and Innovation Director, Lisa Barnett, in ‘BA Data Breach: A Crisis Management Plan, Well Communicated’.
British Airways’ crisis management plan around a data breach kicked into action last week, showing the industry and its customers that it was well prepared for this issue and took the right communication steps to minimise damage.
Crisis Management Plan in Action
Taking a proactive stance, British Airways admitted to the media and customers that a data breach took place between 22.58 BST 21 August and 21:45 BST on 5 September. The speed in which the airline dealt with the issue is a testimony to its crisis management planning.
As soon as BA found the breach on Wednesday night, it launched an investigation. Within 24 hours, the airline contacted any customers that made any purchases during the time frame, believed to be around 380,000.
The company came clean on Twitter with a pinned tweet date 6 September at 6:31 pm about the situation that is clear for anyone coming to the platform:
We are investigating the theft of customer data from our website and our mobile app, as a matter of urgency. For more information, please click the following link:https://t.co/2dMgjw1p4r
— British Airways (@British_Airways) September 6, 2018
Bet the social media team wasn’t happy at the timing of having to stay late in the evening to deal with the concerns. British Airways followed its crisis management plan by responding to individuals using the correct tone of voice and the right amount of empathy. It used every language, said it was “very sorry” and “appreciate the frustration and inconvenience caused.”
Looking at the tweets, you can see that British Airways produced a set of FAQs that its social media team could use to respond to customers. The team stuck to the facts to when the breach took place and what data was stolen, tried to shift the blame by using the term “criminal activity”, and told customers to contact their bank or card supplier.
There were a number of people working on the twitter account over the next few days, and yet the replies never looked robotic nor did it use the same cut and paste response repeatedly. The team had obviously been briefed on how to craft the response using the correct phrase and terms, but given the freedom to adapt according to the customer’s query.
This pinned tweet when it alerted everyone to the issue has over 1250 retweets and about 720 likes, proving that while customers were not thrilled about the news, the audience has accepted the breach and wants to find out how to protect itself. The peak of the customer complaints and queries took place on 6 and 7 September, with a steady flow over the next few days.
The airline also has a dedicated area on its website which was last updated on 13 September, with a statement and an FAQ for determining if you have been affected, what to do if affected and how it affects bookings.
Learning from Experience
The crisis department at British Airways is used to dealing with issues, as there have been three major issues with its IT systems during the past year. The last one being two months ago in July when dozens of flights were canceled from Heathrow Airport due to IT issues. The crisis team must have learnt from its previous mistakes and has continued to tweak its processes and procedures to be able to quickly communicate the facts to customers and in an effective manner. British Airways’ textbook approach with its crisis management plan has helped minimise the damage to its reputation as it faced the criticism head on.
Two very different crises but both prove that if companies are crisis ready for a negative situation, then you can emerge with minimal damage. Neither Nike nor British Airways will be affected in the long-term through these crises, however they will have to reinforce their key messages with their customers’ aspirations to ensure that customer loyalty is retained. The next campaign or data breach may not have the same reaction, if their customers turn against them.