No matter how well a company adheres to best practices, a prickly situation is somewhat inevitable. Crises happen, but what’s unknown in advance is their exact shape.

The key to making it through challenging times is a good, well-prepared crisis management strategy (ideally through an experienced crisis management pr firm). A good strategy can not only help put out the fire – it can also turn a trying time into an opportunity for growth and strengthened customer relationships.

Here are two examples of major companies who had a recent brush with scandal. While these companies didn’t do everything right, the overall approach is worth studying, especially for those who have been fortunate enough to never have been in a crisis.

Robinhood – GameStop Stock Controversy

Robinhood is one of America’s most popular stock trading platforms. In 2021, one of the most popular stocks to buy on the platform was GameStop, a video game retailer that unexpectedly became the center of the “memestock” movement. Then suddenly, without warning, Robinhood restricted the buying of GameStop and many other volatile stocks.

This went against the platform’s brand principles – which claimed they were on a mission to “democratize finance for all”. Users – who had to keep the stock even as it plummeted – were furious. The words “market manipulation” and “class action lawsuit” were thrown around.

Robinhood communicated directly with audiences. Their CEO addressed the situation, appearing on CNBC and CNN to explain why they had restricted the purchasing of GameStop, putting it down to a liquidity crunch, Wall Street rules and clearinghouse limits. Clear and direct communication is central to a good crisis management campaign – but delivery is key.

The initial response would have been more effective if the CEO avoided technical jargon on television and focused on accountability and empathy.  Users were angry – and Robinhood should have centered their understanding and compassion, rather than the finer details of the incident.

Credit to Robinhood: they addressed the problem at the root cause, demonstrating actionable changes alongside communication. They improved their platform to make sure liquidity concerns would be better handled in the future. They attempted to make their platform more transparent, so the reasoning for future decisions could be easily understood by users.

Microsoft – Data Breach Disaster with a 365 Phishing Attack

Business runs on Microsoft. So when there’s a data breech, it can impact the important work of millions of companies.

Microsoft’s servers and data centres are frequently under attack from malicious actors. In the October of 2024, there was a particularly sophisticated phishing campaign, targeting Microsoft 365 users.  Users received realistic, fraudulent emails mimicking Microsoft, requesting their login information. With the scale of Microsoft, even if just one percent of people filled out the form – the scammers still gained access to countless corporate emails and sensitive information.

Microsoft were quick to respond. They immediately contacted users who had been compromised with clear next steps on how to secure their account. They offered detailed insights on the attack chain, and explained the hackers’ tactics, techniques and procedures to help users understand how the situation occurred and signs to look out for in the future. They also enhanced security measures, pushing for multi-factor authentication and passwordless sign-in.

What was most important – Microsoft wasn’t defensive. They didn’t try to throw users under the bus. Instead, they explained the situation, took accountability and showed empathy for the distressing nature of the situation, ensuring that their users had all the support necessary to recover. Several months later, the attack is all but forgotten.