As news breaks of a far-reaching data breach at Marriott International, the implications are huge.
The hospitality chain – which includes the Sheraton, Le Meridien and W brands – has admitted a security flaw that’s exposed the data of more than 500 million customers. It’s the second worst data breach of all time, second only to the Yahoo data breach. Despite being detected on 10 September 2018, investigators say it could affect guest account details stretching back as far back as 2014.
As well as names and addresses, highly sensitive, personal information including date of birth and passport records and even credit card numbers were taken.
Falling foul of GDPR
The loss has already cost the company dearly in terms of its reputation – and now the leak looks set to cause huge financial problems too. While headquartered in the US, Marriott’s worldwide operation makes it subject to European GDPR regulations. Now the company is facing what could be the first significant GDPR breach fine of its kind – up to 4% of its annual income. Affected guests could also sue for compensation, causing a further dent in Marriott’s profits.
An initial two suits were filed in November 2018 in the US. Both are looking to build a class action that could leave the chain facing a bill for billions. When taxi brand Uber suffered a similar fail in 2016 they had to pay out a staggering $148 million, while Yahoo’s 2014 hack saw them compensating users to the tune of $85 million.
When the Marriott breach was announced, the share price dropped by 8.7%. It has since stabilised at 5% less than it was last month.
What next for Marriott? Rebuilding trust after data breach
The good news is that, despite the size and scale of the breach, there is a way back for Marriott and there are things they can do to begin to repair their reputation.
Recent research (2017) from Centrify reveals that the average impact of a data breach is usually a 5% drop in share price and 7% loss to customer base. As a brand that routinely collects personal data as part of its booking and checking model, Marriott will need to find ways to rebuild travellers’ trust and to prevent losing nervous customers. By acting relatively quickly and being open and transparent about what has happened, they have made a confident first step forward.
Taking a proactive approach to reputation management
Unfortunately, data breaches are becoming a fact of modern business life. Even the tightest security won’t prevent them every time so being prepared – having a clear and up to date data crisis plan in place – is a must.
Having a robust reputation strategy can help prepare and protect brands when a crisis does strike. A good reputation manager can help with this.
Creating brand behaviours that include honesty and transparency helps install a sense of trust between brands and clients that will stand companies in good stead in times of trouble. When your company does collect data, always be clear about why you are doing it and how it will be used, stored and protected.
Marriott International data breach. ValeStock/Shutterstock.com
Own your mistakes – and unveil a plan
When things go wrong, admit the fault quickly and unveil a plan to put it right. This will help customers have faith in your ability to put things right and help limit reputational damage.
Security expert J J Thompson says there is a seven day ‘magic’ window for companies looking to respond in a timely manner. So, get moving. Own up and make it clear that you have a plan to put things right immediately.
And don’t be afraid to apologise – be sincere and humble.
British Airways took out full page newspaper ads to say sorry for their data breach in 2018, and consumers reacted positively. Speaking in Campaign, marketing expert, Jane Bloomfield said: “While this data leak is obviously troublesome for BA and its customers, if they continue to clearly communicate, as they have done, and reassure customers as to how they are dealing with the breach, then the strength of brand will undoubtedly help them recover.”
When people have been inconvenienced or suffered hardship offer compensation or to make amends.
Incentivise customer loyalty
Consumers are used to trading their time, data and loyalty in exchange for rewards.
Whether it’s vouchers, points cards or exclusive deals, offering meaningful perks will help keep your audience on side – and help make them reputational advocates for your business.
Companies should have an online reputation strategy in place to not only repair, but protect their reputation from a crisis.