Categories
- Blogs
- Books
- Bulleted lists
- Chat
- Collaborating
- Content
- Contest
- Credibility
- Customer satisfaction survey
- Customer service
- Customer service e-mail
- Editing
- enewsletter
- English as a second language
- FAQs
- Government web writing
- Grammar and usage
- Help desk
- Hypertext links
- Jargon
- Jobs
- Marketing
- Metrics
- Plain language
- Press release
- Public relations
- Punctuation
- Quality standards
- Research
- Social Customer Service
- Social media
- Spelling
- Style guides
- Subject line
- Tone
- Usability
- Usage
- Visual display
- Webinar
- Web Writing
- Wikis
- Word cloud
- Words
- Writing
- Writing resources
- Writing Skills
- Writing training
April 8, 2011
E-mails about the Epsilon security breach: Marriott got it wrong, but Target and Hilton got it right
A couple of days ago, hackers stole data (customers' names and e-mails) from Epsilon, a company that manages e-mail marketing campaigns for some of the nation's biggest retailers. (Read the WSJ article "Breach Brings Scrutiny.") I must be a downstream customer of Epsilon's because within a day of the breach I had received explanation e-mails from Marriott, Target, and Hilton. (Scroll to the bottom to read the three e-mails.) Overall, Marriott's was the least effective. After a close read of these three samples, I've come up with some advice.
Four tips for writing e-mail that explains a security breach ... or other bad news
- Write a clear subject line. Target and Hilton used the same subject line: Important message from [Target, Hilton HHonors]. Marriott used Important Notice from Marriott International, Inc. These subject lines are truly inadequate and likely to get lost in my inbox. And they do nothing to offset the torrent of phone calls each company's contact center must have received from nervous customers. Even Explanation of Recent Security Breach would have been a better subject line.
- Use a specific greeting. Marriott got this right. But Target addressed me as a valued guest. I have never understood this euphemism for customer. Yes, one treats guests nicely, but one doesn't usually try to sell them things or protect their e-mail addresses. And Hilton's Dear Customergreeting is just blah. It's anonymous.
- Explain what the customer should do. Marriott's advice is weak: continue to be on alert. Marriott does nothing to help customers gauge the severity of the breach or to take steps to protect themselves. In contrast, Target and Hilton give bulleted, specific instructions.
- Sign the e-mail. When your customers become concerned about their personal data, it's time to bring in the big guns. Marriott blundered again. Their e-mail isn't even "signed" with a person's title, such as Marketing Director or Customer Service Manager. Hilton's and Target's VPs took personal responsibility in their company's e-mails.
On a related topic, Epsilon's news release on the breach -- "Epsilon Notifies Clients of Unauthorized Entry into Email System" -- is pure blunder. The worst thing a company can do when something bad has happened is use language that hides ownership. Plain language is a must. If ever Epsilon should have chosen active voice, this would be the time. But Epsilon's news release is full of the company's hysteria-induced use of passive voice: "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system." Who detected? Who exposed?
********************************************************
Marriott's E-Mail
Dear Marriott Customer,
We were recently notified by Epsilon, a marketing vendor used by Marriott International, Inc. to manage customer emails, that an unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list.
In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that Marriott does not send emails requesting customers to verify personal information.
We take your privacy very seriously. Marriott has a long-standing commitment to protecting the privacy of the personal information that our guests entrust to us. We regret this has taken place and apologize for any inconvenience.
Please visit our FAQ to learn more.
Sincerely,
Marriott International, Inc.
********************************************************
Target's E-Mail
To our valued guests,
Target’s email service provider, Epsilon, recently informed us that their data system was exposed to unauthorized entry. As a result, your email address may have been accessed by an unauthorized party. Epsilon took immediate action to close the vulnerability and notified law enforcement.
While no personally identifiable information, such as names and credit card information, was involved, we felt it was important to let you know that your email may have been compromised. Target would never ask for personal or financial information through email.
Consider these tips to help protect your personal information online:
- Don’t provide sensitive information through email. Regular email is not a secure method to transmit personal information.
- Don’t provide sensitive information outside of a secure website. Legitimate companies will not attempt to collect personal information outside a secure website. If you are concerned, contact the organization represented in the email.
- Don’t open emails from senders you don’t know.
We sincerely regret that this incident occurred. Target takes information protection very seriously and will continue to work to ensure that all appropriate measures are taken to protect personal information. Please contact Guest.Relations@target.com should you have any additional questions.
Sincerely,
Bonnie Gross
Vice President, Marketing and Guest Engagement
********************************************************
Hilton's E-Mail
Dear Customer:
We were notified by our database marketing vendor, Epsilon, that we are among a group of companies affected by a data breach. How will this affect you? The company was advised by Epsilon that the files accessed did not include any customer financial information, and Epsilon has stressed that the only information accessed was names and e-mail addresses. The most likely impact, if any, would be receipt of unwanted e-mails. We are not aware at this time of any unsolicited e-mails (spam) that are related, but as a precaution, we want to remind you of a couple of tips that should always be followed:
- Do not open e-mails from senders you do not know
- Do not share personal information via e-mail
Hilton Worldwide, its brands and loyalty program will never ask you to e-mail personal information such as credit card numbers or social security numbers. You should be cautious of "phishing" e-mails, where the sender tries to trick the recipient into disclosing confidential or personal information. If you receive such a request, it did not come from Hilton Worldwide, its brands or its loyalty program. If you receive this type of request you should not respond to it but rather notify us at fraud_alert@hilton.com.
As always, we greatly value your business and loyalty, and take this matter very seriously. Data privacy is a critical focus for us, and we will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access.
Sincerely,
Jeffrey Diskin
Senior Vice President, Customer Marketing
Hilton Worldwide
********************************************************
Be the first to comment
Get email updates
Recent posts
- Why a 280-Character Customer Service Tweet is a Bad Idea
- How to Use LinkedIn to Your Best Advantage
- In live chat, don’t argue with customers who are trying to pay
- Writing for the Web: Register for this course on March 15, 2013 in Silver Spring,MD
- Using Twitter for Customer Service? Answer the customer’s dang question
Blogroll
- 456 Berea St
- Bad Language
- Beth Kanter's Blog
- Business Writing
- Communication in a Web Saturated World
- Compete on Usability
- copyblogger
- Debbie Weil
- Earley Blog
- Good Experience
- Grammar Girl :: Quick and Dirty Tips
- I'd Rather Be Writing
- In the Box
- Klariti.com
- Learn How to Write from the Best Blogs
- Manage Your Writing
- Plain Language Matters
- The Writer Underground
- Webcredible
- Words to Good Effect
- Writing for the Web
- Wylie's Writing Tips
- Your English Success
Archive
- April 2013
- February 2013
- January 2013
- December 2012
- November 2012
- September 2012
- August 2012
- July 2012
- June 2012
- April 2012
- March 2012
- February 2012
- January 2012
- November 2011
- October 2011
- September 2011
- July 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
Follow us: