Not a month goes by without a high profile data breach in the U.S.

News this morning has it that 5 million customers who bought items in-store at Saks Fifth Avenue/Lord and Taylor stores, owned by the same parent company, have had their credit card info stolen and sold by hackers who installed malware at point of sale terminals.

How will these high-end stores respond to customers whose data has been compromised and how are they showing the regulators and press that they’re on it?

A quick perusal of the Saks website this morning turns up nothing about a data breach, only a note at the very bottom of the home page that says, “We are dedicated to our customers 24/7,” and provides contact info.

Lord and Taylor, on the other hand, has an “Important Notice” link at the very top of their home page, which takes readers to a statement and FAQ’s about the data breach and provides a toll free hotline and other contact info. Thumbs up on keeping customers informed, reassured and accommodated. And way to show those who are grading your response that you’re doing your best to communicate swiftly.

Not so much Saks, at least not yet.

Similarly, on Twitter, Lord and Taylor’s Tweet & Replies feed is full of responses to concerned customers. Saks? “Give your jewelry game more personality by layering on more colors.”

The moral: if you’re going to have your info stolen, do it at Lord and Taylors, right? But seriously, even organizations owned by the same parent company have different teams and leadership following different response protocols. Some are ahead of the curve and some struggle to catch up in a crisis.

How do you get a good grade on your crisis response? Because that is one of the critical elements companies are graded on in the media, by customers and by regulators and policy-makers. It is paramount to be prepared to execute a crisis response plan or to engage a team that can parachute in and handle communications if in-house resources aren’t equipped to do so.

As communicators in a crisis, we often advise clients not to make more people aware of the problem than there already are. But for these two companies, that would be a bad play. This is national news. More people are hearing about their brands today than have in years – and not in a great way. The best mitigation strategy is, of course, the tops in cyber security response (like Austin’s AllClear ID) and a bend-over-backwards communications game.

Watch for smart cyber security firms to form alliances with crisis communications teams, bundling their services and specializing in a phenomenon that is now increasingly common place.

UPDATE:
4/2
Saks Fifth Avenue has since added an Important Message page to their site similar to Lord & Taylor’s. Tweet & Replies page remains Spring accessory-focused, however, unlike Lord & Taylor’s, who seem to be responding to concerned customers around the clock.