On March 31, 2011, Epsilon, a mass-marketing data provider, announced there had been a security breach in their customer database. Epsilon is a company that offers a full range of marketing services.

Epsilon says [the hack] only involves names and e-mail addresses, which even when combined do not represent personally identifiable information. So basically you might receive a lot of spam emails, and that’s about it.

Some of their clients include:

  • Kroger
  • TiVo
  • US Bank
  • JPMorgan Chase
  • Capital One
  • Citi
  • McKinsey & Company
  • Ritz-Carlton Rewards
  • Marriott Rewards
  • New York & Company
  • Brookstone
  • Walgreens
  • The College Board
  • Home Shopping Network (HSN)
  • LL Bean
  • Disney Destinations
  • Barclays Bank of Delaware
  • Target
  • 1800 Flowers
  • Ethan Allen

Most of these clients immediately sent out an apology email stating what happened, what it means for the customer and what they’re doing about it.

As stated in the TiVo email, “We regret this has taken place and apologize for any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.”

The first press release from Epsilon was very short: “On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.”

There is not an apology anywhere in that statement.  Epsilon, or its parent company Alliance Data Systems Corporation, failed to apologize until almost a week after the news broke. According to Ed Tagliaferri, executive vice president at DKC Public Relations in New York City, “You’re obviously sorry that a problem occurred and had a negative impact on your customers, so why not say that? It conveys that there is a human side to your company, you appreciate the trouble that has been caused and you’re taking the matter seriously.”

Taking your time to apologize only makes you seem suspicious. It’s like being in public relations and knowing never to say “No comment”: when you don’t apologize for a mistake, it makes you less credible.

Tripp Frohlichstein from PR Daily.com also writes, “An apology is so easy, and it makes a difference to people. Often, a person who has had a bad experience will say, ‘All I wanted was an apology.’ It puts a human face on what can otherwise be perceived as a cold, heartless entity. It shows that you care that you may have had a negative effect on your customers.” Why is it that, to some people, admitting there is a problem seems like second nature, while to others it’s like being tortured to confess they’re wrong or have made a mistake?

I think a quick apology from Epsilon would have been more beneficial to the companies involved in the breach. These well-known businesses have their reputation and trust at risk. Customers won’t remember Epsilon or Alliance Data Systems Corp. a few months from now, or even a couple of years. They’re just going to remember that when they signed up online at Target.com or TiVo, their email addresses started receiving tons more spam.