Keep Calm, Say Nothing – QNB’s response to the customer data hack crisis

Qatar National Bank's reputation has literally gone down like the Titanic according to this visual from a reader of Doha News (source: Doha News)

Qatar National Bank’s reputation has literally gone down like the Titanic according to this visual from a reader of Doha News (source: Doha News)

Like it or not, there will be times when the proverbial @#$% hits the fan. Each and every organization will go through a crisis. What matters is how an organization responds to the crisis and communicates this response.

Before I talk about the bank in question, I want to step to talk a little about crisis communications. Crisis comms is an artform, and some people (who get paid lots of money) do crisis comms for a full time living. When dealing with a crisis, communications theory states that there are three steps. The first is pre-crisis, which involves setting up a team and processes (the who and the how), and then practising for situations that are likely to occur. The second phase is the crisis itself, and the third is post-crisis and fixing the issue.

Last week someone allegedly released a huge amount of customer data which was hacked from Qatar National Bank. The 1.4 gigabyte file was put online for download. A data hack of customer information is one of the worst things that can happen to a retail bank. But it gets worse. To quote from Doha News.

The data included the financial and personal information of thousands people, many of them QNB customers, and is being spread widely on social media and file-sharing websites.

Cyber security experts said as many as 400,000 customers could be affected, in what is being called one of Qatar’s biggest data breaches.

Since yesterday, several customers have reported attempts to break into their bank accounts, although these appear to have been blocked before any transfers took place.

Others have said there have been attempts to access and even alter their social media accounts.

Yes, it was that bad. But instead of communicating and advising customers on what to do and how to keep themselves safe, QNB’s media team didn’t say a thing. Well, almost. Again, back to Doha News.

More than 24 hours after the data breach became public, QNB has not answered questions from Doha News on what actions customers should take to protect themselves and many customers say they have yet to be contacted by the bank.

Online, it has continued to respond to questions by pointing to yesterday’s statement that said it does not comment on “social media speculation,” even though the confidential information about thousands of its customers is online for anyone to access.

According to the reaction of dozens of customers, some of the information is correct. And yet, even QNB’s Call Center and retail branches are holding fast and not saying anything. One customer was allegedly told that the allegations were ‘propaganda’.

All credit to Doha News. The Qatar-based news website has covered the issue from its beginning with a level of thoroughness that should be a lesson for all local media outlets in the region. The last piece it ran was about a website which could help QNB customers check if they were hacked or not.

Doha News has also been doing much of the work which should have been done by QNB itself, namely advise customers on what is happening, tell them what action they should take and why. QNB’s silence on the issue is a classic example of how organizations in the region used to deal with a crisis prior to the advent of social media. You dig your head in the sand and hope it’ll go away. Well, this is what they’ve done and their reputation has gone down with the Titanic.

Instead, they should have been responding through all consumer-focused communications channels, including social media (a digital crisis consultant I respect greatly and ex-head of comms for the BBC, Donald Steel, advises that any online response should take no longer than 15 minutes). By acknowledging the problem, by explaining how their customers can keep safe, and by promising a review of their security setup, QNB would have helped to have turned a crisis into an opportunity to demonstrate both transparency and concern for customers and their well-being.

In their response (or lack thereof) QNB has looked archaic and they’ve compounded the damage by seeming not to care. I hope that others take stock of the online backlash and understand that when it comes to a crisis in the Gulf, silence is never golden.

4 thoughts on “Keep Calm, Say Nothing – QNB’s response to the customer data hack crisis

  1. “Say nothing” strategy might work out in certain crisis cases. It is not an uncommon approach, especially in political crisis comms (when there is no appropriate response), in the situations when critical topic can be overlapped by putting more important (or more scandalous) topic on the agenda, or when raising awareness about the critical issue might bring more damage regardless of the response. I may understand why QNB opted for this strategy – probably they did not want to increase awareness of current and possible customers about the crisis; however, their decision is deeply wrong. The topic is hot and spicy, it is quite shareable offline, online and through word of mouth. Simply, it looks predestined for quick spreading, devastating reputation like burning weed. Therefore, I completely back up your point: if there is no proper and timely response, such crises can make serious damage to the business operations.

  2. Pingback: Qatar Airways, QNB ranked among the region’s most valuable brands – InBusiness

  3. Pingback: Qatar Airways, QNB ranked among the region’s most valuable brands - Doha News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s