How not to tell customers their data is at risk: the perils of the Optus approach

·3-min read

Optus fears data on up to 9.8 million of its customers has been accessed in a sophisticated cyberattack – including, for some customers, passport and drivers licence details, as well as phone numbers, dates of birth and email addresses.

It made the announcement through the media, in the middle of Thursday’s national day of mourning public holiday, and during the four-day long weekend in Melbourne in the lead-up to the AFL grand final.

At first, it didn’t text or email its customers. Instead, it issued a press release in the belief this was

the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity.

Trust in the media is at an all-time low. Communications authority Edelman reports that globally, only 50% of people trust the media, down from 62% a decade ago. Far more people (61%) trust businesses.

Tweets rather than texts

It has been conventional wisdom that brands should take an integrated approach to marketing communications. Many channels are better than one, increasingly so as audiences for traditional channels continue to fragment.

An integrated marketing approach need not mean communicating through every available channel, but it should mean strategically selecting channels that are trusted and consumed by the brand’s customers.

Read more: This law makes it illegal for companies to collect third-party data to profile you. But they do anyway

One of the best channels Optus has is its own phone network, and it is experienced in using it to contact its customers.

Customers are likely to expect this where Optus has something important to say, and they are likely to trust a direct message from Optus more than one filtered through the media.

They are even likely to spread it via word of mouth through friends who also use Optus, giving the company a continuing role in shaping the message.

Instead, Optus backed up its press release with tweets.

Optus has around 5.8 million active users, around 21% of the Australian population. They are a cross-section of the population, having little in common other than the fact they use Optus for communications.

Some of Optus’ customers, especially those in Gen Z, might not use traditional news media. They wouldn’t have received the message through that channel.

Former customers dating back to 2017 are also likely to be affected by the breach, taking the total affected to around 9.8 million, about one third of the population.

Twitter is used by about only about 18% of the population, and the overlap with Optus customers might not be large.

What can brands learn from Optus?

As marketing and branding experts, we’ve distilled three lessons, each well known before the data breach.

  1. When you have news affecting your customers, tell them before anyone else, in a personalised, one-to-one approach.

  2. Use channels that are trusted and consumed by your customers.

  3. Encourage word of mouth through your relationships with your brand community and loyal customers.

This article is republished from The Conversation is the world's leading publisher of research-based news and analysis. A unique collaboration between academics and journalists. It was written by: Edwina Luck, Queensland University of Technology and Nicholas Grech, Queensland University of Technology.

Read more:

Nicholas used to work for Edelman.

Edwina Luck does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.