A couple of my recent posts have focused on companies that made major missteps, leaving customers angry and creating real financial implications for their business. So, it’s always a breath of fresh air when I see a company navigate a challenging moment with connection at the center.

Earlier this month, Substack contacted all content creators to let us know about a data breach that exposed our email addresses and phone numbers. No data breach is good, but those two pieces of information are fairly public for me as a small business owner, so I wasn’t overly concerned and nearly ignored the communication.  

But I wasn’t prepared for how great I would feel about the company after reading their email. As I’ve said before, customers are willing to put up with a certain amount of inconvenience or frustration if they feel they are valued and heard. Substack understands this loud and clear, and their message was the exact example that others should follow to address a challenging issue right away.

Let’s break down the things that went right in their outreach, starting with the opening paragraph:

“I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission. I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here. “

Right from the start, they were clear and to the point about what happened, apologized for the issue, and took ownership of the problem. They didn’t try to deflect with a murky marketing message and used language that everyone could understand and relate to.

“What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.” [Bold emphasis is theirs.]

They continued to spell out specifics of the problem which already sends a message of trust and authenticity. Most importantly, they reassured us that our most sensitive data was not accessed. They tried to imagine the questions we might have in our heads when seeing the words “data breach,” put themselves in our shoes, and responded with not just clarity, but humanity.

“What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.”

On its own, this might seem like a typical corporate statement, but with the context of the two paragraphs above it, this actually felt legitimate.

“What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.”

Again, this reassures us that the breach is likely nothing, but it’s worth keeping an eye out for anything suspicious. Not putting a lot of work on us as the customer, just a reminder to be aware of bad actors out there in the world.

This sucks. I'm sorry. We will work very hard to make sure it does not happen again.

- Chris Best, CEO of Substack

This might be my all-time favorite closing of a corporate email because it’s clear, to the point, and completely human. Yep, it does suck – both for us and for them. No company ever wants to have to send an email like this, so when they do, it’s best to just show up as your full, authentic, human selves. The power of connection in this short and sweet email is so strong that my immediate response to the issue was: “humans are flawed and mistakes happen, but I’m still ready to send out my next Substack post.”

Are you struggling to make your messaging relational and relevant, particularly when you have a tough message to deliver? How are you using language to help others connect with your ideas? I’d love to hear from you and, of course, I’m always here to help if you’re stuck. Feel free to join the conversation on Substack or drop us a line at hello@theconnectors.net.

P.S. Want another example of a company who puts connection at the center of their communications? Check out my post from last spring about BÉIS’ response to tariffs and potential price increases.