How companies like McDonald's scramble when their Twitter account goes rogue.

How Companies Like McDonald’s Scramble When Their Twitter Accounts Go Rogue

How Companies Like McDonald’s Scramble When Their Twitter Accounts Go Rogue

A blog about business and economics.
March 16 2017 2:30 PM

How Companies Like McDonald’s Scramble When Their Twitter Accounts Go Rogue

The offending, now-deleted tweet.


No matter what, a rogue tweet like the one issued by McDonald’s Twitter account Thursday morning has a small, immediate economic impact. The likely scenarios are either that the missive was either a rogue or mistaken tweet by a staffer, in which case unemployment in the U.S. will almost certainly rise by one person. The other option is that McDonald’s was McHacked. On its Twitter feed, McDonald’s announced that its account had been “compromised.”

Either way, the cost to McDonald’s will be a lot higher than a single position or cybersecurity patch.


For small organizations, there’s a pretty simple playbook when a rogue tweet is posted on an official account. Take it down or delete it, swiftly discipline the person responsible, issue an apologetic statement, and move on.

For a Fortune 500 company like McDonald’s, it’s not that simple. Social media has become an integral part of marketing, brand communications, advertising, promotion, and corporate communications. There are large teams of people and layers of bureaucracy, policy, and protocols behind every social media posting. When 140 characters go astray, it’s easy to imagine 140 humans springing into damage-control mode.

When something like this happens at a very large corporation, a series of processes, fire drills, and protocols go into action. The IT department is alerted to investigate if there was a leak. If it turns out the tweet was the work of a rogue employee, human resources and legal must review the options for discipline or firing. There would have to be a series of discussions and perhaps some documents drawn up and signed by both parties. If the account was hacked, legal, IT, and compliance would assemble to interface with their counterparts at Twitter.

At the same time, many components of the brand apparatus jump off their treadmill desks and spring into action. The social media team, which might consist of dozens of people around the world, would convene via web conference to discuss the breach. The groups charged with safeguarding McDonald’s data would sheepishly figure out a response. A global all-hands meetings of social media, marketing, press, and public relations staffers would be called. A cross-silo crisis team—marketing, brand, public relations, legal—would start meeting daily at 7:30 a.m. to monitor the situation.


At the same time, the company would have to look after those downstream from the shitstorm—in this case, McDonald’s many franchisees. So the organization that deals with franchisees would fan out electronically and in person to assure store owners that the company has no anti-Trump bias, promise it won’t happen again, and lay out the plans to recover from the damage.

Instantly, questions would be raised as to how far to escalate this situation within the organization. It’s likely someone will conclude (probably correctly) that senior executives all the way up to the CEO will be asked about the breach at their next interview, conference call, or investor presentation. So the chiefs of staff of senior executives reach down into the organization and ask for reports and briefings they can in turn share with their superiors. A group of people big enough to run a small news site would spend a day crafting a release that the CEO can sign, which would of course have to be reviewed by legal.

Meanwhile, the large company’s many outside counselors and service providers view such breaches as an opportunity to prove their worth (and perhaps bill some hours). So outside lawyers, cybersecurity consultants, and especially public relations and advertising agencies, scramble to craft responses, draft memos, and set up meetings with their counterparts.

And that’s just the first day.

After the rapid response, any large organization worth its salt will conduct an inquest. Within weeks a smartly designed report will appear laying out in excruciating detail how the account was accessed inappropriately, and how the tweet was posted and then pinned for a period of time. For their next quarterly offsite in the summer, the social media teams, in conjunction with legal, will start drafting a series of lessons learned and set up new tweeting review protocols. The marketing and brand professionals might commission a few focus groups and surveys (perhaps even on Twitter!) to assess whether the brand has been unduly politicized. Human resources would then begin building a page on the company intranet to educate global team members on proper Twitter etiquette and how to safeguard social media accounts. Perhaps an outside provider would be advised to create a new video training module for new hires.

The module will consist of two words of advice: never tweet.