On January 15, Tony Hsieh, CEO of Zappos issued a letter to employees and customers informing them of a massive security breach that exposed customer information including name, passwords and other personal account information. Widely regarded as one of the most socially connected companies, we were eager to see how Zappos handled this crisis both as professionals and as customers of the brand. What transpired reveals the importance of not only having a crisis communication plan in place, but also preparing a social engagement strategy as part of that plan.
From our observation, the Zappos crisis response plan seemed to be solid at first. Passwords were reset. Content was quickly produced and posted. The message that credit card information was not impacted was clearly articulated. Customers were being notified of the breach with clear directions of what to do to protect accounts. But, as the news rolled out across the country on Monday, January 16 customer reaction on Facebook and Twitter started to turn negative.
What’s interesting, in our opinion, was that negative comments were not about the data breach itself, but rather the company’s reaction. The New York Times tech blog captured the zeitgeist in this quote from a Zappos customer “That’s it? That’s how you respond to a security exposure that may require me to change my password on a large number of other sites to protect myself? That’s how little you think of your customers, just drop this glib little note and wash your hands of the whole affair? You have a legal and moral obligation to protect my information.”
The first 24 hours of the response captured a few missteps out of character for a social business like Zappos and can provide some helpful lessons for e-commerce brands:
1. Changing the standard form of communications with customers.
One of the biggest successes of Zappos’s business model is ability/desire to interact with customers seamlessly across multiple channels. During the first 24 hours of this crisis, Zappos went the opposite direction, shutting off phones due to high volume and relying on their blog post and email as their support channel. With email slowdowns and blocking international access to Zappos.com properties, a large number of customers were kept out of the loop.
2. Key information was not discoverable.
The main logic behind using a blog post to respond to a crisis is to lend an authentic voice and sense of credibility to a company’s message. Deliberate or not, the Zappos blog post about the security breach is not discoverable via their normal blog channel. Instead, you needed a link sent via email or posted on other properties to view the key content about the response.
Moreover, the only public version of their message to customers comes as a “Here is the email that our customers will be receiving” section of that note to employees. The result is a sense that Zappos is ashamed of their response or not truly committed to helping their customers understand the situation.
3. A (large) blind spot in their response strategy.
While Twitter was a responsive channel across the entire first 24 hour period of this crisis, Facebook seemed to be handled by an entirely different team. They missed obvious opportunities such as posting Hsieh’s letter as a note for people who could not access Zappos.com. More impactful perhaps was an seven-hour quiet period wherein Zappos did not respond to customer posts on Facebook. While it is a well-established practice to have a looser response time policy for Facebook than Twitter, seven hours is a long time to go silent during a crisis.
The lesson to learn from the first 24 hours of the Zappos crisis response is that a crisis communication plan is not complete without integrating social engagement. Zappos seemed to be caught flat-footed and unprepared to engage with their customers across multiple channels. This exacerbated the frustration of customers who had not received an email from the company or were stymied by the bottleneck created by the volume of users resetting their passwords. The end result was a smudge on Zappos’s impeccable heritage of online customer service.
Conducting crisis communications across multiple channels is no small feat but the foundation of a successful response can (and should) be set in advance:
- Build a crisis response team (with representatives from Corporate Communications, Legal, Public Relations, Customer Support and Marketing to engage online and coordinate between channels)
- Create a proactive and reactive crisis communications plan that includes an escalation policy for negative comments on social media sites
- Conduct crisis response simulations to test teams and processes
An Ant’s Eye Point-of-View is curated and written by Senior Social Business Consultants: Kristy Bolsinger, Joann Jen, Geoff Knox, Ali McCourt, Laura Feeney, Anthony Garcia and Sam Eder. Ideas and reactions are welcome in the comments section.