We are now in week three of the DraftKings and FanDuel (and, apparently, other online sportsbooks) cyberhack, phishing attack, password scam, third-party breach, whatever you want to call it.
The FBI is involved now, and one day we may get the full accounting of what happened when thousands of customer accounts were taken over by bad actors, with many of the afflicted seeing their personal bank accounts drained.
And for the afflicted, it’s not over yet, as evidenced by a quick twirl around Twitter.
Been 2 weeks since @draftkings locked my account and they still refuse to send me my money. Never ever use them, they are shit mongers
— Corey (@captnmericah) December 5, 2022
@FanDuel_Support account been locked for 16 days 😒
— Reezy (@Reezy888) December 6, 2022
@DraftKings My account was hacked on “hack day”, 11/20. Funds were stolen and account has since been locked after contacting customer “service”. No help has been provided and it’s been two weeks. I was told everything was fine and to reset my password, which I did…
— Michael King (@mkingpga) December 4, 2022
I been locked out of my @DraftKings for a few weeks now and Costumer Support just don’t email me back lmfao
— KMiD (@iHaTeKMiD) December 4, 2022
So while we still don’t know exactly what happened here, it’s reasonably safe to say the following: DraftKings, FanDuel, the government regulators, and the industry as a whole dropped the ball from a PR perspective. And by “dropped the ball,” I mean “dropped the ball, poured gasoline on it, lit it on fire, and then punted it into an orphanage.”
In short: This was, and continues to be, a colossal PR disaster. One that might even be taught in the classroom one day.
“DraftKings needs to address communication with its customers,” said Nancy Wiencek, a former PR professional and current chair of the communication, journalism, and media department at Rider University in Lawrenceville, New Jersey. “Best practices suggest that the response should be quick, accurate, and consistent. Sounds like communication is lacking.”
Full disclosure: Nancy is awesome. I’ve known her for years and have worked alongside her at Rider. She’s not a “throw under the bus” kind of person. She’s legit gobsmacked by, particularly, DraftKings’ handling of the matter.
“The organization should tell its side of the story to its customers before others speculate or attack the organization — the idea is to avoid an information vacuum. In this case, it seems like this has angered the customers,” she said. “The goal is to preserve the customer relationship and manage expectations, as well as to minimize reputational damage. While an apology might not be strategic — it could imply guilt — expressing concern or regret for the situation could be appropriate. The organization also needs to consider how best to deliver the message quickly — social media, its website, and the media would be most likely sources.”
Yeah, well … not so great in those departments, as it turns out. Have you seen mention of any of this anywhere on DraftKings’ of FanDuel’s website or app? I have not. Has DraftKings or FanDuel apologized? Not quite. The best I’ve seen in that department is “we … appreciate the patience of our customers” from DraftKings.
Thousands of people literally had money stolen from them, and nearly three weeks later, the issue is ongoing. That’s forgivable. Sh*t happens. But from a public relations and crisis communications standpoint, this has been ugly.
Learn your C’s
“All crisis managers have different ways of dealing with this kind of thing, but for me there are what I call the ‘Five C’s’ that are particularly important when you’re communicating in these reputation-threatening situations,” said Jeff Leshay of Leshay Communications, a firm with a specialization in, among other items, crisis management.
Let’s run through these five C’s and give the industry — really, DraftKings and FanDuel — a grade.
“You really need to communicate what you know to be factual, what you know to be true,” said Leshay. “Sometimes you don’t know much, but it’s helpful if you can share what you do know for sure. As simple as, ‘A particular issue has happened, and it has impacted some of our customers, and we don’t know the cause, we’re looking into that.’”
GRADE: C-. Why? Because it wasn’t like DraftKings, FanDuel, or anyone issued a press release alerting the world — and its customers — to what was going on. It took a report from The Action Network to get this story out into the open.
“Letting your audience know you genuinely feel for them, that any inconvenience or concern this has caused them is of concern to you, that ‘we empathize, we feel for people who are concerned,’ that kind of language that shows compassion and empathy,” Leshay said.
GRADE: F. I mean, did they even try? Customer service — at both FanDuel and DraftKings — was beyond unhelpful for many bettors. It doesn’t exactly scream “compassion” when your bank account is drained, and instead of the company fixing it, people get different customer service representatives spitting out the same platitudes and/or locking people out of their accounts due to misplaced responsible gaming controls. Outrageous.
For the record, the government also sucked at this. The official response, for instance, from the New Jersey Division of Gaming Enforcement, according to ESPN’s David Purdum, was that they were “aware of the incident” and that those impacted should “contact customer service via email at [email protected] and by leaving a voice message at 1(855)-357-2377.”
New Jersey to its bettors: Drop dead.
“You need to be able to share that you take this kind of issue very seriously as an organization and that you have training or other procedures or guidelines in place that are developed and designed to prevent these types of issues in the first place,” Leshay said. “Saying, ‘This is of great concern to us, we have a number of guidelines we adhere to. This was something that took us by surprise but we are absolutely concerned about it and on it and doing everything we possibly can to resolve the situation.’”
GRADE: D. Sure, they came out and issued statements to journalists who asked about it, and yes, they made most customers whole and are, I’m sure, working to finish that job, but saying it and doing it are two different things. Clearly — and I’ve seen the email chains — customer service was unable to assuage the fear and aggravation of people affected by the theft.
“They need to say something like, ‘We are cooperating and doing whatever we can to work with authorities to get at what caused this situation,’” Leshay said. “To be able to express that ‘we are collaborating’ is another way to show concern you’re doing all in power to get at what caused this.”
GRADE: F. Again, it’s not like the companies got out in front of this. It took reporters to suss out that the FBI was involved.
“Talking about how closely you’re monitoring the situation, and taking whatever steps need to be taken to safeguard customers’ accounts,” Leshay said. “That’s important as well.”
GRADE: C. Sure, the companies are saying this, and they’re telling us to change our passwords and stuff, but again — show me where that messaging is on the websites or apps. It’s barely there. I mean, do you follow the Twitter account of DraftKings’ customer service arm? I do, but only because of my job.
— DraftKings CX Team (@DK_Assist) November 21, 2022
It’s easy to sit here and point fingers, and by no means am I blaming DraftKings, FanDuel, or anyone else for what happened initially. Cyberattackers gonna cyberattack, y’know?
But the response — from the operators, the industry, and the government agencies charged with overseeing it all — was, and continues to be, terrible.