They’re one of the world’s best-know hotel brands, with a presence in more than 127 global territories. So, as news breaks of a far-reaching data breach at Marriott International, the implications are going to be huge.
The hospitality chain – which includes the Sheraton, Le Meridien and W brands – has admitted a security flaw that’s left more than 500 million customers’ data exposed. The second worst data breach of all time second only to the Yahoo data breach. Despite being detected on 10 September 2018, investigators say it could affect guest account details stretching back as far back as 2014.
As well as names and addresses, highly sensitive, personal information including date of birth and passport records and even credit card numbers were taken.
Falling foul of GDPR – Marriott facing fine and financial losses
The loss has already cost the company dearly in terms of its reputation – and now the leak looks set to cause them huge financial problems too. Although their headquarters are in the US, Marriott’s worldwide operation makes them subject to European GDPR regulations. Now they’re facing what could be the first significant GDPR breach fine of its kind – up to 4% of their annual income.
As if that wasn’t bad enough, affected guests could sue for compensation, causing a further large dent in Marriott’s profits.
In the US, an initial two suits were filed in November 2018. Both are looking to build a class action that could leave the chain facing a bill for billions. When taxi brand Uber suffered a similar fail in 2016 they had to pay out a staggering $148 million, while Yahoo’s 2014 hack saw them compensating users to the tune of $85 million.
When the Marriott breach was announced, the share price dropped by 8.7% but it has now stabilised at 5% less than it was last month.
What next for Marriott? Rebuilding trust after data breach
The good news is that, despite the size and scale of the breach, there is a way back for Marriott and there are things they can do to begin to repair their reputation.
Recent research (2017) from Centrify reveals that the average impact of a data breach is usually a 5% drop in share price and 7% loss to customer base. As a brand that routinely collects personal data as part of its booking and checking model, Marriott will need to find ways to rebuild travellers’ trust and to prevent losing nervous customers. By acting relatively quickly and being open and transparent about what has happened, they have made a confident first step forward.
Take a proactive approach to reputation management
Unfortunately, data breaches are becoming a fact of modern business life. Even the tightest security won’t prevent them every time so being prepared – having a clear and up to date data crisis plan in place – is a must.
Having a robust reputation strategy can help prepare and protect your brand when a crisis does strike. A good reputation manager can help with this.
Creating brand behaviours that include honesty and transparency helps install a sense of trust between you and clients that will stand you in good stead in times of trouble. When you do collect data, always be clear about why you are doing it and how it will be used, stored and protected.
Marriott International data breach. ValeStock/Shutterstock.com
Own your mistakes – and unveil your plan
Don’t wait for the media to break the bad news. When things go wrong, admit the fault quickly and unveil a plan to put things right. This will help customers have faith in your ability to put things right and it will help limit reputational damage.
Security expert J J Thompson says there is a seven day ‘magic’ window for companies looking to respond in a timely manner. So, get moving. Own up and make it clear that you have a plan to put things right immediately.
And don’t be afraid to apologise – in a sincere and humble way.
British Airways took out full page newspaper ads to say sorry for their data breach in 2018, and consumers reacted positively. Speaking in Campaign, marketing expert, Jane Bloomfield said: “While this data leak is obviously troublesome for BA and its customers, if they continue to clearly communicate, as they have done, and reassure customers as to how they are dealing with the breach, then the strength of brand will undoubtedly help them recover.”
When people have been inconvenienced or suffered hardship offer compensation or to make amends.
Consumers are used to trading their time, data and loyalty in exchange for rewards.
Whether it’s vouchers, points cards or exclusive deals, offering meaningful perks will help keep your audience on side – and help make them reputational advocates for your business.
Companies should have an online reputation strategy in place to not only repair, but protect their reputation from a crisis.