4 Customer Service Lessons from the Equifax Cyberattack

Lara Kleinert VP of Business Development

On Sept. 7, 2017, Equifax reported that a cyberattack had allowed hackers to access sensitive information for 143 million Americans, including Social Security and driver’s license numbers, birth dates, and addresses.


As a customer experience professional, you can’t always control website vulnerabilities; however, when security breaches happen, you’re responsible for handling customer concerns. Most importantly, your company will be defined by its response to the situation. A big part of this responsibility falls to the front line customer service team. Make sure you’re prepared.

Communicate with your staff AND your outsourced staff: Following the announcement of the security breach, according to an article in Fast Company, when a reporter called the company, neither a customer service representative or her supervisor were aware of the breach. While Equifax may have been diligent about communicating the details of the breach to their own employees, outsourcing partners managing the contact center may have dropped the ball on communicating to their own front-line employees. Companies using third-party outsourcing partners to manage their contact centers need to ensure that the outsourcing provider can show a clear communication plan that includes a combination of in person meetings and digital alerts. Employees and staff at all levels should receive training on:

  • Details and timeline of the event itself
  • Impact to consumers
  • Anticipated frequently asked questions
  • Strategies for remedying customer concerns
  • Escalation plan

Assume responsibility: Assuming responsibility means more than apologizing when things go wrong. It also means minimizing the amount of customer effort to rectify the situation. It may seem counterintuitive to spend extra time on the phone with a customer walking them through a series of steps when the phones queues are backlogged. But, no customer wants to have the onus for fixing the problem placed back on them when they perceive the company to be at fault.

Understand why your customers are calling: Contact center advisors often have to be part support person, part psychologist. Understand that while the customer’s question may be, “Was I affected by the data breach,” the real questions below the surface may be, “What is the threat to my bank account?,” “Will I have to pay debts someone else incurs?,” “Could identity theft put me at risk with the law?” Additional training for front line staff in understanding the psychology of affected customers and applying extra empathy in situations where personal security is at risk is crucial to maintaining the company’s reputation.

Have a comprehensive plan to manage spikes in call volume: In conjunction with the announcement of the security breach, the creation of allows users to check whether their personal information was exposed. Web self-service is a step in the right direction, but it won’t be enough to stem the onslaught of phone calls to the contact center. In crisis situations such as this, call volumes can spike exponentially. It’s important to develop a comprehensive strategy.  For example, tap existing staff for all possible hours, implement shift extensions, use split and flex schedules, and roll out incentives to entice overtime commitments with associates. Be willing to deploy an all-hands-on deck tactic for trainers, coaches, and team leads, when adverse events happen.

No business wants to be involved in an adverse event, but when situations occur, going the extra mile to make things right and regain customer trust can go a long way toward restoring a company’s reputation in the marketplace.