CAMPAIGNS: Crisis Management - Lewis lends a hand after hack attacks

Client: Fiserv

Client: Fiserv

PR Team: In-house and Lewis PR

Campaign: Protecting Fiserv's corporate reputation

Timescale: 36 hours from 24 September to 25 September

Budget: Part of retainer

US-based Fiserv is an independent provider of data processing and information management software for the financial services industry. It employs over 13,000 people in 100 countries and has 10,000 global customers, ranging from insurance companies and broker-dealers to banks and building societies such as Egg and Cahoot.

Corporate matters are driven by HQ in Wisconsin, but Fiserv also has a large London office servicing EMEA.

For the past 18 months, this UK operation has used technology specialist Lewis to support its PR activity.

On 24 September, the Observer ran a story on page 3, alleging that a hacker had breached Fiserv's technology and security.

Ralph Dressel, a software analyst at Royal Skandia Investment Bank, claimed he used information found on Fiserv's web site to access thousands of other people's accounts.

In the wake of other on-line security problems suffered by the likes of Barclays and Powergen, this was potentially a major reputation problem.


To balance out a negative story with the facts as soon as possible, so that a local story did not mushroom into a global story.

With no right to reply from the Observer for at least seven days, it was vital to stamp out any misinformation through the on-line newswires.

Strategy and Plan

The first problem was that at breakfast time on Sunday, Fiserv and Lewis in the UK, could contact neither the Observer journalist who had written the story, nor the so-called hacker Dressel.

In addition, the six-hour time difference with Fiserv's technical team in the US, meant that the facts of the matter were still unclear.

However, as the day progressed, Lewis's crisis management plan swung into action and by the following morning at 7.30am GMT, Fiserv's corporate team in the US was up to speed on the original story, plus follow-up articles on news sites such as The Register and

Fiserv launched an immediate investigation and the PR team ensured that all the on-line newswires and other editorial contacts were aware of what was going on and when a result could be expected.

On Monday 25 September, at 4pm GMT, Fiserv president and chief executive Leslie Muma issued a statement explaining that Dressel had accessed only demonstration data used for training and sales purposes and that security had not been compromised.

To help journalists, the PR team posted up information in Fiserv's virtual pressroom and Muma made himself available for comment. No doubt aware that the story could spread and mutate, Muma's statement was also disseminated to all key Fiserv staff around the globe.

The final nail in the coffin of the Observer story came from which ran a story stating: 'Claims by an internet hacker that he had breeched security proved to be a mirage.'

Measurement and Evaluation

As PR Week went to press, this episode had not been formally evaluated.

But according to Lewis account director Clive Booth, when it is, the factors his team plans to examine include speed of response, whether key messages were put across in the media, and in the aftermath, Fiserv's standing with journalists.


By acting swiftly on a tried and tested crisis plan, the PR team overcame logistical difficulties to prevent an issue becoming a crisis. Before the facts, Fiserv resisted the temptation to speculate, but the media was kept well-informed and given a timeframe.

Fiserv chief Muma also played his part in getting a handle on the story before it became global news.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in