How eBay Handled a of Hacking Which Occurred in 2014 - Case Study Example

Communication Management Name: Course: Tutor: University: City and State: Date: Communication Management Introduction In recent times, Cyber crimes have become a very serious and prevalent occurrence affecting many aspects of our livelihood, including businesses. With the current increased dependency on Information Technology to compliment and integrate business activities, personal customer personal information, as well as the other privacy detail are constantly at risk from cyber hackers. There have recent hacking incidences that have been experienced by major companies. Such hacking incidences bring about major public relation problems that risk the reputation of such companies and further cause the customers to doubt its capability to protect their personal information. In such cases, companies need to handle the issues with caution with an aim to mitigate the public relations problem by communicating the hacking issues with transparency. Additionally communicating in good time to the relevant stakeholders and developing a good communication strategy may ultimately determine the outcome of such an event. This essay analyzes how eBay handled a case of hacking which occurred in ay 2014 that saw a breach of information of over 100miilion customers (Drinkwater, 2014). The effect of eBay’s slow reaction to properly address the situation may have cost those millions of dollars in revenue as well as costumer confidence in future endeavors. Discussion In the third week of the month of May 2014, eBay revealed that it was a victim of cyber hacking and it had lost control of over 145 million customer information. The breach was established to have the credentials of eBay employees who were compromised and allowed access for the hackers to personal information of the said customers that included passwords email addresses phone detail and their dates of birth. It is, however, notable that the hacking incident was said to have taken place about a month before they the company publicly admitted that the event took place (Grunig, 2013). Consequently, there were widespread reactions and anger from security professionals and eBay customer due to the slow response of such a sensitive incident that had already sparked multi-government investigation. The causes of the anger and public criticism can be assumed to be because eBay is one of the biggest e-commerce auction companies in the globe thereby expecting that such a company should have been well preparing to respond appropriately to such an event. Essentially the impact of cyber hacking is a far-reaching issue as it may affect the operational, financial and legal operations of a business putting the entire reputation of a company as a brand. Cyber crime is therefore, should be high among the priorities of securing the information a robust centralized counter responsive strategy should, therefore, be adopted as a part of the risk-managed plan (Troy Hunt, 2014). A response program can ensure that the continuity of business operation goes on unhinged while appropriately enforcing a plan of action that is meant to that communicate and establish a briefing plan to the relevant stakeholders. Such a strategy allows one to deal and counter all breach related affairs in good time and the best possible ways (Raupp and Hoffjann, 2012). Additionally centralized response strategy would also ensure an oversight role concerning setting up a proper guideline of inquiry internally and externally to provide as much information about the breach as possible. An additionally such a plan ensures that the company will be able to understand the source, extent of the information exposed the problem and mitigation measures which is a necessary for one to provide honest communication response to the stakeholders. The communication to be presented should be well considered regarding critical information to communicate to senior executives, ways to express the information as well as the speed and accuracy of information disbursement during the preceding days after a particular incident has occurred. Moreover, the strategy can also assist in addressing the legal challenges that could be experienced as a result of a particular crisis. For instance, companies are charged with the responsibility of ensuring that client details are protected (Drinkwater, 2014). For this reason, there may be legal implication arising from a hacking incident especially for a large company such as eBay. In fact, three States conducted a joint investigation regarding the matter while the New York attorney general requested the company to perform credit-monitoring service for the customers that had been affected free of charge (Grunig, 2013). While this shows a commitment by the government institution to hold companies accountable, the fact that eBay did not seem to have coordinated, and efficient a response action plan exposes the company to disrepute as a result of trust issues. EBay seemed to downplay the hacking judging from the ways it handled the whole affairs. Despite being a large group company with, by all records, a matured information security program, eBay has been belittled by the public and knowledge security experts for its response to the breach. First, the eBay disclosure came more than two months after the violation occurred. An eBay professional informed Reuters that the company wrongly considered customer information had not been impacted. However, the professional declined to say how much time approved between the points when it confirmed customer information had been breached and its group disclosure (Raupp and Hoffjann, 2012).When it did publically announce the breach, eBay recommended its clients to reset their website security passwords despite assurances that security passwords were properly secured. However, the systems behind the security passwords reset have come under review, with some customers worrying that password-reset information took hours to achieve delaying creatio of new security passwords. Some customers said eBay failed to answer successfully as to what exactly triggered the breach and how they should respond. Information organization Reuters exposed problems from eBay customers that it took periods for many customers to obtain explicit disclosure e-mails from eBay, and that the group notice informing customers of the incident was only released on the first website of the business site eBayInc.com, not the extremely trafficked eBay.com home page. Later on after the revelation, however, a notice was put up on the first website of eBay.com, though it was sometimes removed for other information like everyday offers. The combination of all these problems led to many customer problems on the eBay Community social network, and on social media. According to Weiner, (2006) there are ten best practices implemented during a crisis management. The approaches include the development of policies and action process in case of occurrence of a crisis. Also, to developing a policies and procedures to handle a crisis, it is important to plan in how to manage an incident before its occurrence to avoid being caught off guard by any crisis event. Thirdly, business needs to develop a partnership with the public. This means that there is an in paying attention to the concerns of the customer, and the public allows the company to remain alert and better prepare for any event of a crisis. This also includes understanding the matter that raises the interest of the public and customer. Notably, a firm requires keeping its communication honest and genuine concerning the information it passes on to the public. Openness allows a the affected company to earn the trust of the customer and the public by ensuring that they feel that there is nothing that the company is hiding concerning the issues at hand (Blevins, 2014). For instance in the case of eBay, presenting little information that was unclear and vague may communicate that the company was hiding the depth of the security breach leading to speculation within the public. Another aspect of the good communication is collaboration and coordination of the information disbursement. It is imperative that the information being communicated is authenticated, and its accuracy confirmed before such one goes out to issues a press release or employ other forms of communication to alert the public. Distribution of inaccurate information exacerbates the issues instead of mitigating it (Raupp and Hoffjann, 2012). Although the accuracy of the information is paramount, remaining accessible during the crisis especially when the media needs information on developing problems. The media should not be regarded as an enemy rather one should view the media as an access to the public. While eBay may have informed its clients about the hacking, incident, eBay did not seem to utilize the media actively in a bid to create awareness. This is because; eBay used its company website ebayinc.com unfamiliar to most of its clients and PayPal website to inform customers to change their passwords. The omission of the incident during the time it was passing the alert seemed as if they did not want to disclose the incident. Communicating with empathy and concern and being compassionate while issues a press release or communicating how a crisis will be handle allows the public to be reassured that the matter is being handled with their best interest at heart. However the company has to own the occurrence of a crisis such as in this case of eBay, the security breach. Taking responsibility requires one to inform the public the firm acknowledges the event of a crisis and what is being done to deal with the issues (Coombs, 2014). EBay in this case also did not seem to appreciate the seriousness it deserves. Even after delayed communication and disorganized disbursement of information, eBay did not show any concern and compassion with their affected client as it would have communicated a strong message indicating that they should have changed their passwords (GREENBERG, 2014). Furthermore, all it would have taken is a personalized email blast explaining the issues immediately after it had discovered the security breach. However on all this aspect eBay failed to observe very crucial principles of that crisis management communication. Additionally, even when the alert message was finally posted on the e-commerce eBay website, there was no apology towards their customers for the delay of the breach in security. Instead, the message only informed the customers of changing their passwords A message of efficacy is important to explain to the public what is being done to handle the crisis and how a company is working to ensure such a problem does not happen again. A response team that needs to be formed to assess the extent of such a breach should initially evaluate the communication of such a message. Secondly, the evaluation of the alternatives on how to deal with the crisis requires where the plan for a worst-case scenario as well as the best are analysis. This allows proper communication of an action plan to the employees, third parties, and the public through the media (Coombs, 2014). It is notable that there was a significant decline in the user activity after the hacking incident. The company also expected a fall in the yearly revenue projection and as a result, eBay’s sales revenue target was revised that $ 200million lower than the initial sales forecast. Many online security critiques and professions agree that the security breach on eBay account may have had an adverse impact on eBay’s brand. However, greater damage was done by the way the company handled the whole the hacking affair regarding their response and communication of the incident to its users. In conclusion, the needs for a proper centralized crisis communication plan are vital for every business. With the rising cases of cyber crime, the lack of good communication strategy to handle a crisis event may leave a company in a bad state of disrepute. Additionally, the implementation of communication strategy needs to consider the right information to be communicated and in what manner such information should be communicated. Necessary, look at all the aspects of the company that should be evaluated and analyzed to offer comprehensive and accurate information to all stakeholders. Notably, the transparency is an essential requirement when communicating response information so that a firm ensures that the interests of the client are considered. In the case of eBay, their communication strategy after the hacking incident in 2014 was poorly handled which may have led to declining in the sales over to putting the credibility of the brand at risk. References Weiner, D., 2006. Crisis Communications: Managing corporate reputation in the court of public opinion. Ivey Business Journal, 70(4), pp.1-6. Grunig, J.E., 2013. Excellence in public relations and communication management. Routledge. Raupp, J. and Hoffjann, O., 2012. Understanding strategy in communication management. Journal of Communication Management, 16(2), pp.146-161. Coombs, W.T., 2014. Ongoing crisis communication: Planning, managing, and responding. Sage Publications. Blevins, B. (2014). EBay breach response missteps: What other organizations can learn. Retrieved from http://searchsecurity.techtarget.com/news/2240222146/EBay-breach-response-missteps-What-other-organizations-can-learn Drinkwater, D. (2014). eBay counts the cost after 'challenging' data breach - SC Magazine UK. Retrieved from http://www.scmagazineuk.com/ebay-counts-the-cost-after-challenging-data-breach/article/361338/ GREENBERG, A. (2014). EBay Demonstrates How Not to Respond to a Huge Data Breach | WIRED. Retrieved from http://www.wired.com/2014/05/ebay-demonstrates-how-not-to-respond-to-a-huge-data-breach/ Troy Hunt. (2014). Troy Hunt: The eBay breach: answers to the questions that will inevitably be asked. Retrieved from http://www.troyhunt.com/2014/05/the-ebay-breach-answers-to-questions.html Read More