A colleague of mine at PR News was not pleased to see an e-mail today from Citi Cards. It came after Citigroup said that hackers had gained access to the accounts of thousands of its credit card customers, and her first reaction to the e-mail was that she was among those unlucky customers.
The e-mail turned out to be a marketing missive about paperless statements.
"Why are they sending me a marketing e-mail, today of all days?" she said. "I almost fainted when I saw it."
This was a very good question, although we know that marketing e-mails can be juggernauts that can't be easily stopped once they're in the queue. Still, one has to wonder if the PR team at Citigroup got in touch with marketing to see what kind of communications were going out, or if marketing sought out the advice of the PR team.
Citigroup reportedly told the Financial Times of the breach late on the night of June 8, and the e-mail hit inboxes around 2 p.m. on June 9. This would have been a good day to not send out e-mails of any kind, except to those customers whose accounts had been breached. Today, no one wants to hear a peep from Citi Cards if they're a customer—no news is definitely good news, in this case.
The e-mail about paperless statements has not helped Citi's reputation by any stretch. And so we come to yet another lesson learned about crisis management and online data breaches: When your company is a victim of hackers, check with marketing to see what they've got in the e-mail queue.