Post Page Advertisement [Top]


Of Data and Airlines
A Crisis Poorly Handled


It’s both what you say and how you say it that’s important. In a crisis, credibility and empathy stand out as two of the most important factors – for stakeholders believing you, and for the opportunity for reputational return.

Without these in unison, your chances are pretty slim.

So that brings me to an incident today.

Malindo Air, and its data breach affecting potentially over a million customers – customer names, addresses, phone numbers, passport details, dates of birth – enough data to actually do some serious damage, especially in the wrong hands.

The story broke online around lunchtime today, and was trending this afternoon for a while.

On the surface, it appears Malindo did the right things in containment … UNTIL … their spokesperson murmured a few words, and their PR team released a Media statement.

Then, CREDIBILITY LOST.

As netizens are getting angry at yet another failure to protect their rights with respect to data; Malindo’s authorised representatives failed on two levels.

Malindo CEO spoke to news media (South China Morning Post; quoted in other articles), and admitted that they were aware of the issue as early as last week – so what happened in the intervening days – when they could have reached out to affected stakeholders – but chose to keep it hush-hush.

Their press release today made it sound like they were just jumping to action regarding this issue – yet the issue is already passed.

So, are their stakeholders important to them?

Today’s acknowledgement of the issue suggests not.

But let’s delve further into their response mechanism – the media statement. This is the one to me that really says that the stakeholders are marginal at best, certainly not prioritised.

“Malindo Air has put in adequate measures to ensure that the data of our passengers is not compromised in line with the Malaysian Personal Data Protection Act 2010”.

It’s all in the choice of words. And I’m not impressed!

Words have meanings beyond their written form – words have tone and texture too – which help to construct depth of meaning. The choice of words used in the press release signify that they are underplaying the issue, and have not prioritised this concern for affected customers.

The tone of the term adequate measures shows a very casual approach to the overall issue for data protection, but also tries to put itself on top of the issue, and contract itself out of the issue before an actual investigation is made. The words are weak, and do not inspire confidence at this time, and offer no reassurance to those impacted.

Media statements in times of crisis need to be both factual and empathetic. This one comes across as weak, evasive and condescending, and smacks of attempting to evade responsibility for something that, regardless of cause, they have a responsibility for. Not exactly trust-building or credibility-enforcing from the written word perspective.

“We are in the midst of notifying the various authorities both locally and abroad”. The Borneo Post quote the CEO as telling the South China Morning Post that they were aware of the issue last week; but … had only initiated an investigation yesterday (Tuesday).

If this was known about last week, why has this not already been done, but written in the present tense as only just started after it went public today. A knee-jerk reaction which doesn’t tally between the words of the spokesperson and the official media statement released.

More like, “shit happens; we’ll deal with it when the time is right”.

Key in crisis management of any form is making sure everyone is working from the same playbook – not sewing seeds of discontent by appearing to have different versions of the story. Alignment between the CEO’s information and the Media Statement issues should have been paramount.

And worse still, no apology whatsoever.

Your fault or not, it is always good to demonstrate some form of remorse or issue an apology to those affected. Issuing an apology is not an issue of guilt, but a connection of humanity which should be done at the earliest stages.

Not exactly the endearing attitude or comforting words that one wants to hear.

____________________   

Malindo’s published Media Statement as below:

Petaling Jaya, 18th September 2019 - Malindo Airways Sdn Bhd has come to be aware that some personal data concerning our passengers hosted on a cloud based environment may have been compromised. Our in house teams along with external data service providers, Amazon Web Services (AWS) and GoQuo, our e-commerce partner are currently investigating into this breach.

Malindo Air has put in adequate measures to ensure that the data of our passengers is not compromised in line with the Malaysian Personal Data Protection Act 2010. We also do not store any payment details of our customers in our servers and are compliant with the Payment Card Industry (PCI) Data Security Standard (DSS).

We are in the midst of notifying the various authorities both locally and abroad including CyberSecurity Malaysia. Malindo Air is also engaging with independent cybercrime consultants to investigate and report into this incident.

As a precautionary measure, we would advise passengers who have Malindo Miles accounts to change their passwords if identical passwords have been used on their other services online. We will continue to provide further updates through our website, mobile and social media platforms.
__________

Sources:   https://www.focusmalaysia.my/Snippets/malindo-air-investigates-passenger-s-data-breach
                 www.malindoair.com

No comments:

Post a Comment

Bottom Ad [Post Page]

| Designed by Colorlib