Stock price recovery is not reputation recovery. Equifax's share price climbed back. The brand file did not. A standing reference for how long a reputation event survives the financial recovery — and what it actually takes to close the file.
Cybersecurity has long been seen as a technical problem, but in reality, it is a communications problem. This article argues that cybersecurity public relations is the most underrated line of defense, crucial for managing public perception, building trust, and protecting a company's reputation during and after a cyber incident.
The December 2022 PayPal credential-stuffing breach accessed approximately 35,000 customer accounts using credentials stolen from unrelated breaches on other platforms. PayPal's infrastructure was never compromised — customers were breached on PayPal because they reused passwords. The canonical fintech credential-stuffing case study.
The August 2021 T-Mobile data breach exposed 40+ million customers — and was the inflection point in modern telecom breach-response communications. The breach cycle through the 2022 settlement, the 2023 API breach, the 2024 FCC consent decree, and the six transferable communications lessons the case teaches.
143 million American consumers exposed in a single breach. Equifax remains the textbook crisis-communications case for the data-breach era — and the standing reference every modern breach-response playbook is built against.
In April 2011, Sony took the PlayStation Network offline after a breach affecting 77 million accounts — then waited six days to tell users their data had been stolen. The delay became the defining communications failure of the incident and remains a standard reference case in crisis PR.