Retirements and a “cybersecurity incident”: The Equifax Saga Continues

Retirements and a “cybersecurity incident”


It seems like after a massive crisis, it is a good time for personnel associated with that crisis to retire.  Equifax has had significant negative effects from data breach.  It is a problem to have a “cybersecurity incident” when you have access to the critical identification and financial information of millions of people.  Here are samples from the “retirement”  announcements.  First the Chief Information Officer:

“The company announced that the Chief Information Officer and Chief Security Officer are retiring.  Mark Rohrwasser has been appointed interim Chief Information Officer.  Mr. Rohrwasser joined Equifax in 2016 and has led Equifax’s International IT operations since that time.  Russ Ayres has been appointed interim Chief Security Officer.  Mr. Ayres most recently served as a Vice President in the IT organization at Equifax. He will report directly to the Chief Information Officer.  The personnel changes are effective immediately.

Equifax’s internal investigation of this incident is still ongoing and the company continues to work closely with the FBI in its investigation.”

Then the CEO:

“Mark Feidler stated, “The Board remains deeply concerned about and totally focused on the cybersecurity incident.  We are working intensely to support consumers and make the necessary changes to minimize the risk that something like this happens again. Speaking for everyone on the Board, I sincerely apologize.  We have formed a Special Committee of the Board to focus on the issues arising from the incident and to ensure that all appropriate actions are taken.”

“Our interim CEO, Paulino, is an experienced leader with deep knowledge of our company and the industry.  The Board of Directors has absolute confidence in his ability to guide the company through this transition,” Feidler continued.

Richard Smith said, “Serving as CEO of Equifax has been an honor, and I’m indebted to the 10,000 Equifax employees who have dedicated their lives to making this a better company.

“The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right.  At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” Smith added. “

The interim CEO then issued an apology.  Interestingly, the apology was published in the Wall Street Journal.  Paying to have people see your apology, that seems a little impressive.  However, it actually limits who can see the apology.  The target for the apology does not appear to be the victims of the crisis but the investment community that can affect the value of Equifax.  Moreover, a close look at the retirement announcements also reflect an effort to reassure the investment community, especially when call rather historic data breach a “cybersecurity incident.”  This sounds like minimization, and effort to elude responsibility, rather than a company accepting responsibility.

Crisis communication is complex as you have multiple target audiences whose needs may not be aligned.  Still, the use of the term “cybersecurity incident” seems a bit disrespectful to the victims and will do little to help victims to adjust.  It might, however, help Equifax to recover on the economic side. Equifax also is planning to offer people in the U.S. free life time credit locking and unlocking in January 2018.  Now that does speak to victims and moves beyond corrective action to a form of compensation.

Possible Questions

  1. How do you think victims feel about the term “cybersecurity incident”? Why would Equifax adopt this term in its communications?
  2. What is the most compelling reason for placing the new apology in the Wall Street Journal while not placing it other places that are more easily accessible?
  3. The new offer of lifetime credit lock for free is three months off. How will that help as a form of compensation to victims.
  4. What stakeholders will really care about the retirements? The eventual permanent replacements?



Trying to Create Unity, “Making” a Paracrisis

The Meat & Livestock Australia (MLA) ran an advertisement showing a variety of international religious figures eating together.  Of course, they were all eat meat, in this case lamb because this is the MLA.  Here is the MLA statement:


“The campaign features gods, prophets and deities from across a wide range of religions alongside atheism, in a clearly fantastic nature, with the intent of being as inclusive as possible. Our intent is never to offend, but rather acknowledge that lamb is a meat consumed by a wide variety of cultures and capture how the world could look if people left their differing views at the door and came to the table with open arms, and minds.”

We you say you did not intend to offend, that mean you did.  One of the religious figures was the Hindu god Ganesha.  Does anyone see a problem with Ganesha eat meat?  Anyone?  Anyone with even a passing knowledge of Hinduism should have seen the problems coming.  Complaints are appearing including a diplomatic objection from India.  This is a paracrisis rather than a crisis.  In its current state, this is a faux pas that does hurt the MLA’s reputation with some stakeholders.  The as is part of a larger campaign called “You Never Lamb Alone.”


People may ask if MLA did this on purpose.  After all, vegetarians and vegans are not their target audience.  A little controversy can draw attention to a campaign and may even help to sell product.  Still managers must consider the risk and reward of such actions.  You might create a calculated paracrisis.  Other companies have done it in the past, just ask Calvin Klein. 


Questions to Consider:


1.  How effective is the MLA statement at diffusing the situation?  What the rational for your choice.

2.  Do you think the MLA anticipated the reaction when they launched the campaign?  Why or why not?

3.  Why is it a stretch to call this a crisis? 


Clarity Matters in Crisis Communication: Two Tries is not a Great Effort Equifax

In early September, Equifax made the following statement:


September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

Data breaches are a serious problem for any organization that handles desirable consumer information.  Cyber criminals want that valuable data and usually are ahead of the security programs and practices designed to secure the data.  Customers, perhaps unfairly, view all data breaches as preventable, thus, attribute high crisis responsibility in most cases.

Equifax did disclose the breach along with instructing and adjusting information.  However, their second message about the breach was unclear.  As one reporter noted:  “A day after announcing that hackers stole personal information tied to 143 million people in the US, Equifax’s response to the breach has come under scrutiny. Language on the website where people could find out if they were affected seemed to say that by signing up they would waive any right to join a class action suit against the company.”

Equifax responded by clarifying this was not the case: “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.”  You will see that language if you visit the site now.  The problem is the damage was done by the initial lack of clarity.  The digital world and traditional media are reporting the event.  The narrative casts Equifax as the villain trying to trick people into opting out of a lawsuit.  You get one chance to make a first impression and crisis response by Equifax needlessly created a negative one.

Questions to Consider

  1. Why might managers in an organization feel they have limited responsibility for data breach while customer feel the opposite way?
  2. What risks do organizations face when they try to highlight the robustness of the security measurers prior to the breach when discussing the breech? Why might manager select to present such information to stakeholders?

Wells Fargo Rolls along with the Apology Tour

The long road back continues for Wells Fargo. It now appears the company may have created over 3.5 million accounts without customer knowledge, that is another 1.4 million than initially estimated.  The new numbers come from the outside consultant Wells Fargo hired to review their practices and look for additional problems the company might need to address.  Here is part of the statement Wells Fargo made with the release of the third-party investigation:


“We apologize to everyone who was harmed by unacceptable sales practices that occurred in our retail bank,” said Wells Fargo CEO Tim Sloan. “To rebuild trust and to build a better Wells Fargo, our first priority is to make things right for our customers, and the completion of this expanded third-party analysis is an important milestone. Through this expanded review, as well as the class action settlement, free mediation services, and ongoing outreach and complaint resolution, we’ve cast a wide net to reach customers and address their remaining concerns. Our commitment has never been stronger to build a better bank for our customers, team members, shareholders and communities.”


It is important that Wells Fargo did highlight there was a third-party review:


“To conduct the review of retail bank accounts, Wells Fargo engaged a third-party firm that developed a data analysis methodology that errs on the side of customers. The account review analyzed consumer and small business checking, savings, and unsecured credit card and line of credit account data to identify potentially unauthorized accounts (see Aug. 22 news release for details on the methodology). The analysis was data-driven and looked at account usage patterns. Since usage patterns of some authorized accounts opened with a customer’s consent can be similar to some unauthorized accounts, it is likely that some properly authorized accounts were included in the population identified as unauthorized accounts.”


It is not enough to engage in corrective action, stakeholders need to be able to believe in that corrective action.  Wells Fargo must sell the process they are using to fix the problem and not just the fixes they have identified which include the following:


Summary of Customer Remediation Actions (paid or identified to date)
Third-party account review (January 2009 – September 2016)   $7.0 million in refunds of fees and interest (paid or to be paid)
Wells Fargo customer outreach – complaints process/mediation (Sept. 8, 2016 – July 31, 2017)   $3.7 million in compensation paid (through July 2017)
Class-action settlement (May 1, 2002 – April 20, 2017)   $142 million for customer remediation and settlement expenses

Next Steps: Making Things Right for our Customers

In the coming weeks, Wells Fargo will be taking significant steps to compensate its retail and small business customers who may have been harmed or impacted by unacceptable retail sales practices within the company’s retail bank. As Wells Fargo makes things right with customers, these steps also will help the company fulfill its remediation commitments under the sales practices consent orders with the Consumer Financial Protection Bureau and the Office of the Comptroller of the Currency.

These steps include:

  • Beginning communications associated with the company’s $142 million class action settlement agreement ( Jabbari v. Wells Fargo) covering all persons who claim that Wells Fargo opened, without their consent, a consumer or small business checking or savings account or an unsecured credit card or line of credit, and customers who enrolled in certain identity theft protection services, between May 1, 2002 and April 20, 2017. Over the next two months, both Wells Fargo and the court-appointed claims administrator will be sending communications about how to join the class to current and former Wells Fargo customers (details are available online at
  • Continuing to work with any customers who contact us with concerns about harm that could have been caused to their credit score by an account opened without their authorization and correcting records for these customers with the credit bureaus. Customers who inform us of an account they did not authorize that led to increased borrowing costs due to credit-score impact will be eligible for compensation from the class action settlement (Jabbari v. Wells Fargo, detailed above).
  • Compiling a list of customers who complained to Wells Fargo about an unauthorized account that was opened without their consent. Those customers will be notified by both Wells Fargo and the court-appointed claims administrator and automatically enrolled in a portion of the class-action settlement.
  • Continuing to offer free mediation services to customers if the company is unable to resolve an issue related to an unauthorized account directly with the customer. Wells Fargo will continue to offer this service to customers who are not satisfied with any of the outcomes from the steps above.


Questions to Consider


  1. Why does Wells Fargo need to sell the process and not just the corrective actions?
  2. How useful do you think the continued apologies are as part of the crisis response? What is the rationale for your conclusion?
  3. If you were a customer, how would you feel about the corrective action? Would you feel these are enough?  Why or why not?


Nectar’s Computer-generated Paracrisis Response: Is it better than no Response?

Nectar is a loyalty reward program in the UK.  People earn points by shopping at various locations such as grocery and department stores.  There is nothing inherently controversial in loyalty programs, most people belong to several.  Nectar hit a paracrisis (I think the term social media crisis is rather useless because its conceptualization is so poor) when it announced it had added The Daily Mail to the program.  The Daily Mail has a questionable reputation as a newspaper most recently running what many believe were questionable anti-refugee material.  The point is that a controversial company was added to the Nectar program and many customers and other stakeholders were upset.  Because Nectar made the announcement of the addition on Facebook, the crisis did transpire most in social media. There were already over 5,000 comments as of August 17th.


The concern here is not with the The Daily Mail but with how Nectar handled the crisis.  As you can see in the visual above, Nectar chose to repeat the same statement anytime there was a concern expressed about The Daily Mail.


“The primary factor in our decision making for any new partnership is our current customer base. From our data and research, we know that there is a large crossover between our customers and Mail readers. We appreciate your feedback.”


Critics of the response, including media training company mediafirst, argued that people want a human voice not a computer-generated response.  Moreover, the response did NOT provide a link for more information on the company’s web site.  Such links are helpful in supplying additional information to interested and active stakeholders.


Firms that seek to engage stakeholders through social media create certain expectations including responding when there are concerns.  The computer-generated response might be done due to limited staff and resources but can make the situation worse.  As mediafirst noted, Nectar could have at least created different versions of their set response.  Social media can create additional crisis risks, especially if the social media messages are deemed in appropriate or ineffective.


Questions to Consider


  1. Why would this qualify as a paracrisis?


  1. What factors could push this to becoming an actual reputational crisis? What factors could prevent the escalation of the paracrisis?


  1. How can a firm balance the demands of responsiveness with the limited resources that might be assigned to social media? Is no response better than a computer-generated response? Why or why not?

Our Product is Where? Tiki Torch’s Unhappy Publicity

Ideally, company’s want celebrities to use their products so that when the media snap pictures, the product gets publicity.  But sometimes people use your product and you wish they would not.  Such was the case for Tiki Brand Products.  During the pro-white rally in Charlottesville, VA, the company’s Tiki torches featured prominently in stories about the white supremacists carrying the Tiki torches.  Search for a story about evening march and you will see images of the Tiki torches.  No one suggests Tiki Brands Products were sponsoring such an event but the product was linked to the protests that turned violent and deadly.  Tiki Brand Products responded with the following comment on its Facebook page:


TIKI Brand is not associated in any way with the events that took place in Charlottesville and are deeply saddened and disappointed. We do not support their message or the use of our products in this way. Our products are designed to enhance backyard gatherings and to help family and friends connect with each other at home in their yard.”

Luckily people agreed with the company and the responses were largely supportive such as this one:

“Thanks for making a statement. It’s too bad that the oh-so-charming crowd of half-wit incompetent torch-bearers decided to use your products, but it’s not like we can blame you. Certainly, you didn’t say, ‘Oh hey, let us sell you a truckload or torches at a deep discount for your hate rally.’

Take heart. Your apology is spreading across Facebook. Your products are made for friends and families to gather in love. We all know this. Their misappropriation of your products is not a reflection on you, but a reminder of how much of a perversion they make of the symbols of life in our country.

Questions to Consider

1.  What are the pros and cons of Tiki Brand Products making a public statement?

2.  Why do you think the company used its Facebook page and not its web site for the statement?

3.  What are some the advantages Tiki Brand Products has when dealing with the situation?

4.  What other actions and/or communication would you take and why?

Note to Wells Fargo: Repetition is not Good for Crises

The data from research studies clearly indicate a history of crises is problematic for an organization.  Multiple crises increase attributions for crisis responsibility (and attendant damage to the organization) because it indicates stability for crisis inducing behavior.  This is part of what has been called the Velcro effect because past crises attract negative views just as Velcro attracts fuzz.


Wells Fargo cannot seem to avoid taking actions they know can hurt their customers.  I must disclose Wells Fargo owns our home mortgage but it was sold to them and we had no choice in the matter.  Last year it was found Wells Fargo employees created extra accounts for over 2 million customers without their knowledge.  Over 5,000 employees were fired after that crisis/scandal.  This July Wells Fargo admitted it had charged people with automobile loans for insurance they did not need.  The improper insurance was charged to around 800,000 people.  About 274,000 of those customers were forced into delinquency with 20,000 to 25,000 having vehicles repossessed.  In addition to the financial damage, Wells Fargo has hurt their customers in many other ways including their credit scores and access to vehicles.


To make matters worse, Wells Fargo was aware of the problem since July of 2016.  The company had the consulting firm of Oliver Wyman investigate the situation.  The New York Times made the story public when if published a story based upon the internal report.  Wells Fargo clearly missed the chance to use stealing thunder on this crisis by not disclosing what it knew when it knew it.


Once the crisis/scandal was public, Wells Fargo began posting messages online including its webs site and on Twitter.  Here is the text from the response:


Wells Fargo CEO Tim Sloan shared his thoughts with team members about making things right for auto insurance customers.

July 28, 2017

Editor’s note: On July 27, CEO Tim Sloan sent the following companywide message.

On July 27 Wells Fargo made an important public announcement about the steps we are making to build a better auto lending business and to address efforts we are taking to make things right for some customers in regard to our vehicle Collateral Protection Insurance (CPI) Program.

In addition, The New York Times has published an article based on a preliminary report that we commissioned several months ago to help us ensure that we make impacted customers whole.

Customers’ auto loan contracts require them to maintain comprehensive and collision physical damage insurance on behalf of the lender throughout the term of the loan. As permitted under those contracts, Wells Fargo would purchase CPI from a vendor on the customer’s behalf if there was no evidence — either from the customer or the insurance company — that the customer already had the required insurance.

However, in July 2016 we initiated a review of the CPI program in response to customer concerns and determined that certain external vendor processes and internal controls were inadequate. More important, we discovered that those deficiencies inadvertently harmed some of our customers. We discontinued the program in September 2016 and immediately started work, with the help of independent consultants, to ensure that our remediation plan addresses customer situations in a thoughtful way.

Wells Fargo reviewed policies placed between 2012 and 2017 and identified approximately 570,000 customers who may have been impacted and will receive refunds and other payments as compensation. In total, approximately $64 million in cash remediation will be sent to customers in the coming months, along with $16 million in account adjustments, for a total of approximately $80 million in remediation. In some cases we already have refunded customers, and the remainder of the remediation program — which begins in August and concludes by the end of this year — is still being finalized.

Beyond this remediation, we’ve taken multiple steps to strengthen the Dealer Services business. Just this week, Dealer Services announced a new structure and other recent changes include centralizing collections, tightening our credit standards, increasing oversight of third-party vendors, enhancing our risk management practices, and hiring new leaders and team members.

Auto lending is an important business to Wells Fargo because it’s vital for our customers to have access to affordable vehicle financing that enables their everyday lives. Today’s announcement underscores our long-term commitment to the business and to conducting it in the right way.

We are deeply sorry for any harm we caused our customers, who expect and deserve better from us. Situations like this one reinforce the importance of continuing to examine every aspect of our business. We will acknowledge mistakes and take responsibility for our actions. On those days, I appreciate that it sometimes can be challenging to keep up the tremendous effort you make each day for our customers and for our company. I believe in the work you are doing. I believe it’s making a significant difference and that a brighter future lies ahead for all of us as we build a better, stronger Wells Fargo.

Thank you.

Questions to Consider


  1. How effective do you feel the Wells Fargo response will be for current customers? For potential customers?


  1. How important is compensation for this crisis? Why?


  1. How important is an apology in this crisis? Why?


  1. How badly will knowing Wells Fargo withheld information hurt efforts to repair the damage from the crisis?


  1. What role does the past crisis/scandal play in shaping this crisis/scandal?


Bush Brothers Show the Way to Handle a Product Harm Recall

Product harm crises common but serious issues for organizations.  Product harm crises can place customers in danger.  Hurting consumers is a serious risk for any organization.  In the food industry, product harm crises are often called food safety crises.  People are most concerned about products they consume or place on their skin making food safety crises potentially a massive problem.  Again, food safety crises are common with hundreds per year in the U.S. alone.  Any firm involved in the food industry should be prepared for a food safety crisis.


The number one priority during a food safety crisis needs to be the consumers.  Harming consumers is a horrible form of negative publicity for a firm.  The crisis communication must feature instructing information—telling consumers how to protect themselves from the danger.  A food safety crisis is one of those crises where people really want or need the crisis messages because they could be at risk of harm.  Not all crises, especially reputational crises, create such stakeholder demands/needs for information.


Oddly, the data finds that food companies are hesitant to use their won social media channels for communicating recalls to consumers.  Around 10% for food companies will place recall information on their Twitter feeds or Facebook pages.  This reality runs counter to industry and governmental recommendations to food companies to use their digital channels during a recall (food safety crises demand a recall).


Recently, Bush Brothers & Company had to recall certain types of their baked beans.  Can seems in certain batches could be defective so the recall was initiated to protect consumers from the potential danger.  The risk was discovered internally and there were no known illnesses at the time of the recall.  Below is the text of the full message.  The Bush Twitter feed and Facebook page announced the recall and provided a link the message below.  People are told the exact product with the problem and to throw the product out (instructing information).  Bush Brothers added an apology for the inconvenience caused by the situation.  Their words match their actions—the firm is showing concern for consumers.


Text of the Recall Message:


A Message For Our Customers July 22, 2017


For more than 100 years, Bush Brothers & Company has been dedicated to producing the highest quality products for our valued consumers, customers and their families.


On July 22, 2017, we announced a voluntary recall of certain 28 ounce cans of BUSH’S® Brown Sugar Hickory Baked Beans, Country Style Baked Beans and Original Baked Beans due to potentially defective side seams on the cans. This recall was initiated after our internal quality assurance checks identified the issue. Subsequent investigations indicated a temporary quality issue from one of our can suppliers. The problem was corrected and no other product is affected.


As a fourth generation family owned business, we are guided by our values of integrity, caring, responsibility, and trust and we apologize for any inconvenience or concern this situation may cause. It’s important to note that, to date, no illnesses or other adverse consequences have been reported in connection with this voluntary recall; however, we urge you to dispose of these affected products immediately even if the beans do not look or smell spoiled. We are working with our retailers to ensure timely removal of affected product from their warehouses and shelves.


To view the affected Lot Numbers and Best By dates, please see below. BUSH’S® Consumer Relations is available to answer any questions you may have by calling 1-800-590-3797 Monday-Friday between the hours of 8:00 am and 5:00 PM Eastern Standard Time. Information may also be found on our website at


Thank you for your patience and understanding as we work through this issue. We appreciate your continued loyalty.


Questions to Consider


  1. Why would food companies choose not to use their social media channels to communicate information about a product recall?


  1. What is the danger of not using social media channels during a food safety recall?


  1. How did the message from Bush Brothers go beyond just instructing information and how might that further help the company during this crisis?

Qatar Fifa 2022:  New Twist to False Information


Organizations have always had to be concerned about false information circulating about them that could damage reputations.   P&G, for instance has battled false claims its founder sold his sole to the devil for decades.  Starbucks and McDonald’s have also had to fight damaging, false information. We might call these situations rumors or even fake news.  The key defining characteristics is the information is false and threats to damage an organization’s reputation.  Fake news is an ambiguous term but I am using it here to denote false information presented to appear as real news. 


Qatar has many problems with the current sanctions by neighboring countries.  There has been a number of controversies surrounding their hosting of Fifa’s 2022 World Cup.  A few days ago a story appeared on the web site of what seemed to be the Swiss news publication The Local.  The story claimed six Arab nations would boycott the 2022 World Cup.  There was even a quotation from Fifa president Gianni Infantino.  The web site was a copycat of The Local.  Management of The Local claimed the news publication never ran such a story and Infantino denied the words were his.  However, several major news outlets carried the story thereby giving credibility to the false information.


Organizations must now monitor their environments for false information being disseminated as news (fake news).  We can add one more liability created by the Internet and one more appropriate application of denial during a paracrisis or actual reputational crisis.


Questions to Consider


1.  What are some of the problems when trying to use the term fake news?


2.  How does this case illustrate the potential damage fake news can inflict on an organization?


3.  Even with denial, does fake news create a lingering effect for organizations?  Why or why not.

Sharing Economy also a Risk Economy: Airbnb and Racism

We now see a variety of companies the reflect the sharing economy (aka collaborative economy).  The basic premise is that people own less and share more.  You use Uber instead of owning a car (or owning less car) and use Airbnb rather than having a vacation place.  The companies I just mentioned are making it work but also reveal how the sharing economy creates great risk.  (See other posts about Uber).  Airbnb is great example of increasing risk through a sharing economy.  Airbnb relies upon individuals to offer and to rent places through their system.  And this involves a lot of people.  As the company’s slogan says:  “Book unique homes and experience a city like a local.” 


We can debate if legally or technically the people renting the places (hosts) are employees of Airbnb, that is not the point.  The point is the actions of the hosts reflects upon the organization—for those renting a place that person is Airbnb.  So, when the hosts treat the clients badly, it reflects negatively on Airbnb.  The company has had problems with people who rent their properties (hosts) discriminating against those seeking to rent places.  There is data from multiple sources that indicate the system has problems with racial discrimination and renting.  Racial discrimination is a powerful social issue that can taint a company’s reputation and may be either a paracrisis or a reputational crisis.  A recent case brought the discrimination risk to light in the media once again.  Here are the basics of the case:


“An AirBnB host who made a racist comment to an Asian guest has been fined $5,000 – and told she must attend a course on Asian-American studies.

Tami Barker cancelled Dyne Suh’s booking, telling her in a message: ‘One word says it all. Asian.’

The fine was imposed due to a new agreement between AirBnB and California’s Department of Fair Employment and Housing (DFEH).

It lets the DFEH examine hosts that have had discrimination complaints.”

We see a governmental agency getting involved in the case rising the media attention to the incident.  The DFEH levied a fine and is requiring other remedial action from the host.  The host expressed regret for her actions and hoped there would be a positive resolution to the situation. 

Airbnb co-founder Brian Chesky seemed to anticipate the risk issue when he gave the following comment in a BBC interview in 2016:  “We started this company with the belief people are fundamentally good. Mostly everyone is really good, but when you have 100 million people, there are some who don’t believe in what you believe in.”

There is little reason to believe the racism issue is now settled for Airbnb.


Questions to Consider

1.  Would you consider this a paracrisis or a crisis?  Explain your decision.

2.  What seems to be effective and ineffective about the response to this paracrisis/crisis? 

3.  What actions might Aribnb take to reduce the racism problem in the future?

4.  What are the advantages and disadvantages or Airbnb seeming to place the blame on its host when such incident arise?  Is it a sustainable strategy as incidents continue to occur?  Why or why not?