Your members don’t care how or why their private information was published online. They don’t care what steps you’re taking to secure the site or make sure it doesn’t happen again in the future.
And they certainly don’t care how upset or violated you feel about it.
They only care how likely they will be hurt socially or financially.
Any message you send after a hack that doesn’t tackle their core questions is a waste of oxygen.
E.g.
- Will my friends/colleagues see my embarrassing pictures or compromising e-mails?
- Will I be charged for things I didn’t buy?
- Will my husband/wife discover I’ve been having an affair?
You need to explain clearly how likely that is, how to reduce that likelihood, and how to prepare for the worse case scenario outcome.
For example, if a member works at a known organization (government or top brand) and used their work e-mail account – they probably will be socially exposed.
Of course the much better approach is to assume you will be hacked and plan for it today. If you’re holding sensitive information, tell members not to use their real names or identifiable e-mail accounts. Strip away personally identifiable information.
You might not be able to stop every hack, but you can predict from other organizations what’s likely to happen and prepare today.
p.s. Bas, Mark, Alena, and others collaborated to put together a few ideas to prevent data hacks. I recommend you read this discussion.