Using Twitter for Public Relations During a Data Breach Incident

Data breaches happen to organizations of all shapes and sizes. A critical aspect of such security incidents is the manner in which the company handles public relations (PR), keeping affected customers apprised of the situation. Twitter, if used correctly by the organization, can be a powerful vehicle for dealing with this aspect of the breach.

Consumers Turn to Twitter During Site Outages

Microsoft and Psychster Inc. conducted research to explore how to use Twitter to reassure users during a site outage. Though the study looked at generic IT crises, we can learn from its findings how to use Twitter as a mass-scale communications platform during a data breach. The relevant findings of the study included:

  • "Half of the respondents would consult a Twitter feed to get information about an outage."
  • The Tweets "tended to reduce negative feelings about the outage and increase the perception that the responsible company cares."
  • Users were less likely to contact customer support if the Tweets acknowledged and explained the situation—"but only when the tweets were made by an employee/social media manager rather than the company or its executives."

We can reinforce these findings by observing how airlines, such as JetBlue, have been using Twitter to assist customers dealing with flight delays. In addition to assisting with itinerary logistics, such communications reassure customers that the company is looking out for their interests.

Twitter Can Help With Data Breach PR

An organization should be able to use Twitter to apprise its customers of how it is handling the data breach. Such Twitter communications might include:

  • Acknowledging that the security incident occurred
  • Clarifying what the company knows about the breach (who, what, when)
  • Explaining what the company is doing to investigate the incident and protect the users
  • Offering tips for what the users might consider doing to protect themselves in relation to the incident
  • Offering additional ways to get in touch with the company’s representatives using phone, email, etc.

Exercise Care With Twitter for PR

A few caveats regarding the use of Twitter for breach-related PR:

  • Since Twitter limits the number of characters that can be incorporated into a Tweet, the company should consider hosting longer messages elsewhere—but not on the breach-affected infrastructure—and including the links in the Tweets.
  • The company needs to establish a Twitter account in advance of the incident as a way of confirming the authenticity of the account. Twitter is setting up a "Verified Badge" program, but it is currently closed to the public; still, see if you can find a way to get the badge.
  • The company should use a strong password for its Twitter account. It should also consider the security of the mechanism Twitter would use to reset the “forgotten” Twitter password to make it more difficult for an unauthorized party to take over the account.
  • The company should consider how non-customers—such as the press, the intruder and government officials—will perceive its Twitter communications.

More on Incident Response

For additional tips regarding security incident response, see:


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise allow me to create practical solutions that drive business growth.
