A leading global manufacturer contacted PCI when it discovered its database of distributors and their customers had been compromised by a data security breach.
With distributors in all 50 U.S. states, all provinces and territories of Canada, and four other countries, the company knew the scale of the cyber breach was potentially huge. The manufacturer’s IT forensics firm determined that the breach affected at least 1,000 distributors and more than 18,000 records.
Working closely with the manufacturer’s legal team – whose expertise in multijurisdictional regulatory compliance clarified the deadlines to notify distributors and customers – PCI advised the team to immediately set up a dedicated 800 number, developed scripts to maintain customer loyalty, and built a one-page website about the incident.
PCI crafted a communications plan outlining:
- important audiences
- key messages to explain what happened, reassure affected distributors and offer them assistance in recovering from the cyber breach
- the protocol for employees to follow when responding to inquiries from distributors
At every step, PCI’s senior counselors worked closely with the manufacturer’s CEO, senior leadership and attorneys to create notification letters, internal and external messaging, and a phone script for the manufacturer’s customer service representatives. PCI wrote an internal question-and-answer document to prepare management to answer difficult questions, and Frequently Asked Questions to address the most common questions that distributors and their customers would have.
We prepared materials to respond to any media inquiries, and closely monitored social media and reported to the client to be sure that social discussions focused on the manufacturer’s products and services, and not on complaints from disgruntled distributors or their customers.
Careful planning and intensive preparation, clear and direct messaging, and impeccable execution created a smooth recovery for the manufacturer and its distributors. The company experienced very few complaints and no disruption of business. The breach attracted no attention by traditional media or social media, and the manufacturer quickly returned to business as usual.