How to Successfully Handle Press Releases After a Data Breach

Posted on 18 December 2021
By Carlton Whitfield
  • Share:

We live in an era of digital vulnerability where any leakage of user personal data can cause severe problems for both companies and individuals. Companies are aware of these risks and give their best to protect users’ data. However, cybercrime is rising, and hackers are becoming more organized and sophisticated.

Even with all preventive methods, data breaches and misuse of personal data are still a common occurrence, especially in: e-banking, entertainment, e-commerce, social platforms, health system, and the educational system.

Additionally, the average cost of a data breach for a company has never been higher. In 2021, the
number reached $4.24 million per incident.

When hackers use the user’s personal information to cause damage, like data theft and selling data, the users’ rights have been violated, and the consequences can be severe.

The ruthlessness of media outlets

Every public company is under the media’s watchful eye in today’s digital world.
When it comes to data breach scandals, the most important thing is to inform the public correctly by giving statements in the media.

The crisis PR management team must forestall the media and communicate the situation concisely and clearly as possible. If journalists find even the slightest irregularity in the company’s business, be sure that they will cover all the minor details, and they won’t stop until they dig up everything.

If the company doesn’t react quickly and tactfully, its reputation can be severely damaged. In other words, a brand can remain permanently marked by an incident, which can result in poor public image and lack of customer trust and loyalty.

Not to mention countless lawsuits, losing significant amounts of money, and media presentation of the incident. Research also indicates that 81% of consumers would be willing to abandon certain brands after suffering data breaches. Thus, communicate everything as if your company’s future depends on it. Because, well, it does.

Your public statement needs to be flawless

Ensure the media gets the right picture about the data breach. It’s best to hire a team of experts, communicators, lawyers, and consultants to release the clearest statement for the press and ensure appropriate corporate communication.

Media press releases mustn’t contain unreliable or incomplete responses to the incident. Otherwise, be ready for dramatic consequences, additional incidents that will build on the story, a ton of reactions on social networks, taking words out of context, and media spin in favour of sensationalism and profit.
Most importantly, never try to hide or disguise the incident. The media will find out one way or another, tearing the company apart.

Take full responsibility for the incident

When a data breach occurs, unprofessional companies and their communications teams often blame a third party or defend themselves by saying there is no evidence that a data breach has occurred. Even worse, they say there was a data breach, but hackers didn’t misuse the personal information to a large extent, and no real damage was caused to the users.

That isn’t a wise strategy at all, and you should avoid it. Yes, you must still launch an investigation, but your primary task is to take full responsibility and explain to users what happened. Show that the company is fully prepared and ready to deal with the leaking information and that you will do everything in your power to bear the consequences.

Show empathy and understanding for your users

It’s not enough to just inform the users – you have to convey compassion, empathy, and understanding. Ensure you apologize and let them know you are genuinely sorry they have to go through this. After all, they are people whose rights have been violated and who often are not fully aware of the consequences that information leaking brings.

Users need to see that you care and will do everything in your power to make things better. That way, they’ll feel that you are dealing with their problems, and they can remain loyal to the brand. Avoid the strategy of not notifying millions of users, like Facebook in 2019.

Instead, notify users about the incident promptly via all communication tools: SMS, emails, social platforms, website, media. Even if the situation is hostile, users will appreciate its efforts to warn them. Don’t let them find out about sensitive topics concerning their privacy via the media.

Secure the users’ online privacy

No company or individual is immune to cybercrime or private data theft and attacks. Luckily, there are always innovative solutions to protect and monitor personal data. However, while companies have the biggest responsibility, consumers should also consider certain red flags.

For instance, taking good care of passwords and using smart data protection tools like Virtual Private Networks. The latter devices are great for defending against certain data leaks.

Furthermore, it’s very important to explain to users how the data breach came about and what measures the company will take not to face similar situations in the future. It’s best to openly give them all the facts and guidelines on protecting themselves from a data breach and how the company will protect them in the future.


Any digital presence will always bring the risks of cyber-attacks and fraud in every business involving users. The good news is that you can take many precautions in these cases.

Be transparent about it, prepare the best possible crisis communication plan, and speak to users correctly. That way, it’s easier to gain users’ trust back and have the brand painted positively by the media.