Companies Respond to Data Breaches
British Airways, GitHub, and Uber have responded to potential security attacks in different ways.
British Airways' Executive Club members complained of unknown hotel bookings and phone number changes, but the company said only a few frequent flier members were affected. The company sent an email to Club members. Critics say that BA shouldn't ask users to click a link to change their password; the request is confusing because phishing schemes commonly use the same approach.
GitHub blamed China for a DDoS (distributed denial of service) attack, but a representative from the Chinese government denied the claim:
"It is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I'd like to remind you that China is one of the major victims of cyber-attacks."
Although users complained that their Uber accounts were hijacked, the company denied a breach:
"We take any issue of this nature very seriously and after investigating have found no evidence of a breach at Uber.
"Attempting to fraudulently access and use Uber accounts is illegal and we notify the authorities about such activity.
"We would like to remind people to use strong and unique usernames and passwords and to avoid reusing the same credentials across multiple sites and services."
Discussion Starters:
- Compare messages from British Airways (above), GitHub, and Uber. How do you account for the differences? Consider the industries, company culture, circumstances, and so on.
- If companies such as British Airways shouldn't use an email link for people to change their passwords, what is a better approach?