Personal information of more than 500,00 guests was stolen from the Starwood reservation system. Exposed data includes payment card information, and critics say the company could have avoided the breach years ago. In 2015, Starwood announced a small breach, which cybersecurity experts say should have inspired the company to do more at the time. Starwood argues it didn’t realize the risk, and Marriott leaders argue that they had not yet acquired Starwood. On Friday, Marriott shares were down 5.6%.

A notice at the top of the Marriott homepage reads, “For more information on the Starwood guest reservation database security incident, please click here.” Although the breach was from a Starwood database, the media is consistently reporting the news as “Marriott.” That link and a press release on the website both go to legal sounding statements, although they do provide FAQs at the bottom.

Lawsuits have already been filed against the company for failing to protect users’ data.

Discussion:

• Is the company taking adequate responsibility for the breach? Explain your response.

• How can Marriott respond to this crisis and protect the brand at this point?

• How can the website information be improved? Consider the primary and second audiences, communication objectives, organization, writing style and so on.