The other day I received two emails from separate companies letting me know that their database marketing vendor Epsilon had been hacked, both using the same text for their message.

Dear Customer:

We were notified by our database marketing vendor, Epsilon, that we are among a group of companies affected by a data breach. How will this affect you? The company was advised by Epsilon that the files accessed did not include any customer financial information, and Epsilon has stressed that the only information accessed was names and e-mail addresses. The most likely impact, if any, would be receipt of unwanted e-mails. We are not aware at this time of any unsolicited e-mails (spam) that are related, but as a precaution, we want to remind you of a couple of tips that should always be followed:

  • Do not open e-mails from senders you do not know
  • Do not share personal information via e-mail

Hilton Worldwide, its brands and loyalty program will never ask you to e-mail personal information such as credit card numbers or social security numbers. You should be cautious of “phishing” e-mails, where the sender tries to trick the recipient into disclosing confidential or personal information. If you receive such a request, it did not come from Hilton Worldwide, its brands or its loyalty program. If you receive this type of request you should not respond to it but rather notify us at

As always, we greatly value your business and loyalty, and take this matter very seriously. Data privacy is a critical focus for us, and we will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access.

This message doesn’t apologize for the inconvenience to me (the customer) and minimizes the perceived inconvenience by suggesting the impact to me will be minimal–maybe just some spam.

It’s almost worse than no apology–saying some words that sound like an apology and then talking about how the damage from the event being apologized for “won’t really be that bad anyway.” Then they take it a step further by asking me to be vigilant so that nothing bad happens. How is this supposed to make me feel good about the companies sending me this email and have confidence in them?

In Apologize Immediately, Chris Brogan suggests three ways to move forward when you’ve messed up:

  • Acknowledge
  • Apologize
  • Act

Following Brogan’s suggestions above, if you really want me to feel better and continue to hold your company in high regard, take responsibility, give a genuine apology and then let me know you’re really doing something about the situation.

How about a response like:

We are sorry that this happened to you and we are taking all measures possible to make sure it doesn’t happen again.

We hate spam as much as you do and to show we’re sorry we’d like to give you $10 off your next visit.

We take situations like this very seriously and have exercised our rights under our contract to perform our own security audit of our vendor’s environment to ensure that it meets our high standards.

Image by Leonard John Matthews via flickr used under a Creative Commons license.