Breach Notification Comparison: Marriott vs. Quora

Days after Marriott announced its 500 million customer data breach, Q&A site Quora announced 100 million customers had their information hacked by a "malicious third party." 

With two massive breaches announced so closely together, the companies provide an interesting contrast in the breach notifications they posted to the world.

And it raises an important question for cybersecurity leaders and those responsible for communicating about a data breach.

What kind of tone will your notice put forward to your customers about your brand at a moment of failure?

Online breach notice and where it lives: Marriott vs. Quora

• To read Marriott's online breach notice, you actually will be on their law firm's website, where the notice lives.
• To read Quora's breach notice, you will go to the company's blog.

 Breach notice tone: Marriott vs. Quora

• Marriott uses a lot of colder, third-person type of language, what you might consider "corporate speak," for example:
  • "Marriott values our guests and understands the importance of protecting personal information."
  • "Marriott deeply regrets this incident happened."
  • "Marriott has taken the following steps to help guests monitor and protect their information"

As you read through these quotes, can you hear the tone? Marriott is not talking to me, the company is talking about me. Keep that in mind as you read on.

• Quora's breach notice uses a much warmer and personal tone, what you might consider "authentic speak," for example:
  • "We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party."
  • "We also want to be as transparent as possible without compromising our security systems or the steps we're taking, and in this post, we’ll share what happened, what information was involved, what we're doing, and what you can do."

  • "We're very sorry for any concern or inconvenience this may cause."

Doesn't it feel like Quora is talking directly to you? That's the benefit of the approach Quora takes here.

Breach notice final paragraph: Marriott vs. Quora

And now let's look at the closing sentences of each online breach notification. Marriott goes for the corporate speak approach, Quora goes for sincerity. 

Marriott:

"Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve. Marriott is also devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network."

Quora:

"It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust."