top of page
  • Writer's pictureChris Bowler

Capital One's response is painfully inadequate

Just like Marriott, they're playing hide and seek

It's been a few days since we learned that Capital One fell victim to yet another cyber attack. Over 100 million individuals were affected, with basic personal information potentially hacked. Worse, a small percentage of these accounts may have revealed bank account information and social security numbers.

What's always interesting is how a brand responds to this type of incident - really, any incident which can negatively impact trust between the brand and its customers.

Last December, we saw how Marriott responded in a very similar situation. Back then, I outlined what they were doing - or more accurately - what they were ignoring, and made the case for much more visible and transparent communications. Instead, Marriott virtually buried its head in the sand hoping it would all just go away.

How is Capital One responding? Well, aside from the obligatory FAQ on its website, the answer is not much. Only one social media post has been made to its Facebook account with over 800 comments to date from irate customers. To the brand's credit, Capital One is monitoring and posting responses. But how many customers will actually see this post? It appears that they aren't promoting the post to their fans (with paid media) which means it will get almost zero visibility.

What about email marketing? Nope. I'm a Capital One customer and have received nothing to date. Arguably, this would be the fastest and best way of quickly communicating to your customer base. Why the brand is ignoring this channel is baffling.

Interestingly, Norton, makers of anti-virus and anti-malware software, wasted no time in sending out emails around the Capital One data breach to its subscriber list. I guess email marketing is only activated when money is to be made!

So why does this matter? Say you are a small or medium-sized business, what do these incidents and their response strategy have to do with you? Three key takeaways.

First, while this is about a breach of data, it's actually a breach of trust as well. And we know that consumers will take their business elsewhere when these problems occur. A business in this situation should consider the real cost of doing virtually nothing.

Second, an active and visible response allows the brand to get ahead of the narrative. A fundamental rule of good PR is to tell your side of the story; otherwise, the media, influencers, and customers will be left to come up with their own conclusions.

Third, actively reaching out to customers demonstrates brand empathy - that you really care about their experience with the brand. It must be extremely frustrating for some concerned customers to have to go on a hunting expedition just to find information about how their personal finances may have been mis-managed by Capital One.

So, if you are a smaller business than Capital One, realize that you have an opportunity to use your communication channels to forge a stronger bond with your customers. Even during a negative incident such as this one, showing you care enough to communicate the problem (and the solution) will go a long way to keeping these customers in the fold.

How would you suggest Capital One respond? Feel free to leave a comment below.

23 views0 comments

Recent Posts

See All


bottom of page