It’s been a bad few weeks for users of Ashley Madison and Mumsnet, after both sites fell victim to cyber crime.
The saga at Ashley Madison has been rumbling on for a couple of months now. The hackers who stole sensitive customer information from the site have now dumped 9.7GB of consumer details onto the dark web, releasing the names and pseudonyms of some 37 million users worldwide.
A group called Impact Team has taken responsibility for the attack, claiming it did so because it was unhappy about the way the site is run.
In the case of Mumsnet, one person – possibly a disgruntled father – created a website on which they posted the passwords of 3,000 Mumsnet users and staff. This caused the online forum to crash and forced every one of its 7.7 million members to change their passwords. As a result, some members are reported to have closed their accounts for fear of a similar attack in the future.
How each organisation now handles the issue is critical to them winning the support and understanding of their existing and, crucially, potential future customers. Both organisations have suddenly been thrust into the media spotlight and are trying to handle their crises as best they can. Each company has gone for an entirely different approach, putting out starkly different statements.
Ashley Madison – it's not our affair
Ashley Madison has said the breach “is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any free-thinking people who choose to engage in fully lawful online activities”.
It lays the blame squarely at the door of the hackers, and takes no responsibility for the breach. Ashley Madison is not ‘owning’ the problem; it is positioning itself and its customers as victims of an unexpected attack.
Mumsnet takes the flak
By contrast, Mumsnet has taken the flak. “We're really sorry for the alarm and inconvenience this might cause, and we realise you're likely to have further questions about what's been happening,” the company said, releasing an FAQ document to help members find the answers to the most common questions they may have, and inviting anyone with concerns to contact Mumsnet directly.
In reality, all membership organisations are potential targets for hackers because of the information they hold. But with certain businesses, the risk is far greater. If a firm’s core proposition to the market includes the perceived sensitivity of its data – as is the case with Ashley Madison – then the potential for long-term damage to the business is substantial.
Own the problem and take responsibility
Any organisation that has been targeted by hackers must ‘own’ the issue and take responsibility for the breach, even if it must do so through gritted teeth. This is the only way to restore some faith in its integrity and trustworthiness. A clear statement detailing what steps will be taken to avoid future breaches is vital.
Taking responsibility implies that an organisation is in a position, and has the intent, to ensure that it doesn’t happen again. Laying the blame at an external party’s door is essentially telling the general public that the issue is out of the company's hands. This is a sure-fire way to lose existing members and put potential future customers off engaging with your brand.
Passing the buck keeps you in the headlines
The media also see through attempts to pass the buck – and they don’t like it. In fact, a story is more likely to run and run in these cases, as journalists try to get to the bottom of the issue. Increased longevity of coverage is even more damaging to a brand and its future business – just ask Tesco.
The best approach is one of honesty, and of a proactive determination to avoid the issue being repeated. Both organisations must now own the issue, apologise and promise to put things right.
Not only is this more likely to kill the story quickly, it could even be a springboard for growth. Shifting the focus from an organisation’s security failings to the positive action it is taking sets it apart from others in a similar position.
Emily Dent is PR director at crisis communications agency Rampart PR