Equifax turned its hack into a public relations catastrophe

Top PR nightmares: What went wrong
Top PR nightmares: What went wrong

It's hard to imagine how Equifax could have handled its data breach crisis worse.

"All they've done is terrify people more," said Ed Zitron, founder of media relations company EZPR.

How badly did Equifax screw up?

• Equifax waited six weeks before it announced its massive breach that compromised the data of 143 million Americans.

• Three Equifax executives sold shares days after the company found out about the hack.

• Equifax chose not to notify people who were affected; instead it set up a website.

• The website wasn't ready for days. People who entered their information were told to come back later.

• Equifax offered free credit monitoring, but it initially required enrollees to waive their right to sue the company.

• It later backtracked, allowing people to sue -- if they send Equifax written notice within 30 days. Equifax has not removed the opt-out language from its general terms of service, but later assured customers that it won't be applied to use of the credit-monitoring service.

• A customer service representative tweeted "Happy Friday!" from the Ask Equifax Twitter account last week.

• Freezing credit is the best way for victims to protect themselves, but Equifax charges for freezes and has not made it easier to accomplish. On Monday, Equifax said in a tweet that "in response to consumer feedback, Equifax will waive all Security Freeze fees for the next 30 days."

• Equifax assigned easy-to-guess PINs to people who froze their credit.

• CEO Rick Smith stayed mum until a USA Today op-ed on Tuesday.

• Equifax has still failed to say how many people in the United Kingdom and Canada were affected.

A PR nightmare

Public relations experts are shaking their heads in disbelief.

Equifax's leadership needs to be far more transparent, says Ronn Torossian, CEO of the public relations agency 5WPR.

"I want to know how did this happen ... and where do we go from here," Torossian said. "This needs to come directly from the top."

Related: How to find out if you're affected by the Equifax hack

Equifax's Smith should have addressed the breach more directly, said Zitron. The company "didn't seem in control," he said.

Instead, Equifax's leadership appeared to be confused, leaving consumers feeling bewildered.

Why Equifax fell short

Equifax (EFX) is suffering from the same bad decisions many big companies make after a crisis.

Zitron said that corporations tend to suffer from a "failure by committee" when it comes to handling crisis communications. They tend to hire multiple agencies, giant legal teams and dozens of communications managers.

Related: What's the worst that can happen from the Equifax hack?

Too many decision makers yield a slow response, which results in negative attention.

"Equifax will not be defined by this incident, but rather by how we respond," Equifax (EFX) CEO Rick Smith said in a video statement published on Thursday. So far, that response has been lacking.

What Equifax should do now

To try to fix its communications strategy, Torossian said Equifax should be clearer on how it plans to rectify the situation.

"I think they need to be speaking more," he said. "I think they need to be speaking clearer."

Related: 4 things companies must do in a PR crisis

Zitron said Equifax "should be contacting every single person affected." Beyond that, Equifax could be doing more to help consumers, like helping people freeze their credit.

No matter what, Zitron said, it'll be an uphill battle.

"I don't even know what they could do to make this up to people."

Personal Finance

CNNMoney Sponsors