Remember that old adage, “be careful what you say and how you say it”? Well, I wonder if the people over at Heartland Payment Systems have been thinking that as of late. Recently, as the country basked in the news of the inauguration, Heartland quietly announced what could be one of the biggest data breaches to date.
As a PR person, my red flags went up when I read the news of the breach. I thought it seemed too coincidental that the company chose to go public with the bad news on a day when news outlets would be focused on the new administration.
In its statement, Heartland acknowledged that the breach occurred in 2008, but that it had been discovered the week prior to the inauguration. The company said that it had been working to get enough facts together before going public with the information. While this may be true, it doesn’t appear that there was much thought given to the repercussions of what would happen by making such a significant announcement on inauguration day. Most of the resulting coverage questioned Heartland’s motives.
Once of the first lessons I learned in my crisis PR training—and in real-life experiences—is that trying to hide bad news only leads to trouble. I have always believed that when it comes to any type of news, timely dissemination of the truth is the best option.
It seems that a lot of other people believe that and are angered enough to become litigious about how and when Heartland chose to disclose the information about the breach. The class-action lawsuit claims that Heartland “made unreasonably belated and inaccurate statements concerning the breach.”
While the company has attempted to smooth the PR waters by issuing a call-to-action release about fighting cybercrime and another announcing it’s speeding up development of end-to-end encryption, the effort could prove to be too little to late.
Comments