Roundup of Corporate Crises in 2024

2024 has been a challenging year for corporations. Many have suffered reputational damage surrounding data breaches and customer privacy issues. Others are grappling with backlash from social media revelations that has damaged brand reputation, customer retention, and the financial bottom line. These are some of the most significant corporate public relations crises that grabbed global attention in 2024.

Boeing's Astronaut Stranding Incident

In June 2024, NASA astronauts Butch Wilmore and Suni Williams were stranded in space for over 50 days after their Boeing Starliner spacecraft experienced a series of issues including helium leaks, multiple failing thrusters, and software issues.

Originally expected to last ten days, the astronauts were stranded for 50 days while executives at NASA and Boeing argued and blamed each other. Ultimately NASA decided to use SpaceX to rescue Wilmore and Williams.

The astronauts were ultimately able to safely dock with the International Space Station after existing off of existing food, oxygen, and other supplies that NASA had on hand for such situations.

London Drugs' Cyberattack

In April 2024, London Drugs, a prominent Canadian retail pharmacy chain, suffered a significant cyberattack attributed to the LockBit ransomware group. The breach led to the closure of all 79 stores across Western Canada for over a week, disrupting services and operations.

The attackers exfiltrated sensitive corporate data, including extensive employee records such as financial information, personal data, and employment records. Despite a ransom demand of $25 million, London Drugs refused to pay, resulting in some of the compromised data being leaked on the dark web. The company maintained that no customer or patient data was compromised during the incident.

London Drug’s transparent communication and swift action were praised as exemplary crisis management after the company implemented enhanced cybersecurity measures and provided credit monitoring and identity theft protection services to affected employees.

Tesla's Cybertruck Recall

In April 2024, Tesla issued a recall for all 3,878 Cybertrucks produced between November 13, 2023, and April 4, 2024, due to a defect in the accelerator pedal assembly. The National Highway Traffic Safety Administration (NHTSA) reported that the accelerator pedal pad could become dislodged under high force, potentially causing unintended acceleration if it became trapped in the interior trim. This defect increased the risk of collisions, prompting Tesla to initiate the recall to replace or rework the faulty pedal assemblies.

This incident raised concerns about Tesla's quality control, especially as it followed several other recalls for the Cybertruck in 2024, including issues with windshield wipers and loose trim pieces.

Ticketmaster's Data Breach

In May 2024, Ticketmaster, a leading ticket sales and distribution company, experienced a massive data breach attributed to the hacker group ShinyHunters. The breach compromised the personal information of approximately 560 million customers worldwide, including names, addresses, phone numbers, order information, and partial payment card details.

ShinyHunters offered the stolen 1.3 terabyte database for sale on a Russian hacking forum, seeking $500,000. The compromised data was hosted on a database managed by Snowflake, a cloud storage company.

Ticketmaster's parent company, Live Nation Entertainment, confirmed the breach and faced a class-action lawsuit as a result.

This incident led to significant reputational damage for Ticketmaster, with customers expressing concerns over the security of their personal information and the company's data protection practices.

Meta's Data Privacy Breach

In 2018, Facebook (now Meta Platforms) faced a major public relations crisis when a security breach compromised the personal data of approximately 29 million users. Attackers exploited vulnerabilities in the "View As" feature, allowing them to steal access tokens and gain unauthorized control over user accounts. The exposed information included names, contact details, locations, birth dates, and other personal data.

This incident drew significant criticism regarding Facebook's data security practices and led to regulatory scrutiny. In December 2024, the European Union's Data Protection Commission fined Meta €251 million (approximately $263 million) for this breach, underscoring the long-term reputational and financial repercussions of the incident.

Nike's 'Exclusivity' Controversy

Nike has faced criticism over its "Exclusive Access" program, designed to offer select customers early opportunities to purchase limited-edition sneakers. Many consumers have expressed frustration, perceiving the selection process as opaque and unfair, with some alleging that it favors resellers or individuals with multiple accounts. This controversy has been exacerbated by instances where high-demand releases quickly sell out, only to reappear at significantly higher prices on secondary markets. Critics argue that this undermines genuine sneaker enthusiasts and damages Nike's reputation for inclusivity and customer loyalty. In response, Nike has stated that it is refining the Exclusive Access system to enhance fairness and transparency, aiming to ensure that more products reach their intended audience.

CrowdStrike's Software Update Failure

In July 2024, CrowdStrike, a leading cybersecurity firm, released a flawed software update which caused a massive IT outage, affecting 8.5 million computers globally and leading to an estimated $10 billion in damages. The update caused widespread system crashes, rendering millions of Windows computers inoperable. This incident disrupted critical services globally, including airlines, banks, and healthcare providers, leading to significant operational and financial losses.

The company's initial response was criticized for its lack of transparency and inadequate communication, exacerbating public frustration. Although CrowdStrike later issued a patch and offered $10 Uber Eats gift cards as a goodwill gesture, these efforts were perceived as insufficient, further damaging its reputation. The crisis resulted in a notable decline in stock value and raised serious concerns about the company's quality assurance processes and reliability in the cybersecurity industry.

United Airlines' Incident with Terrell Davis

In July 2024, Pro Football Hall of Famer Terrell Davis was involved in a controversial incident aboard a United Airlines flight from Denver to Orange County, California. After lightly tapping a flight attendant to request ice for his son, Davis was accused of assault. Upon landing, FBI agents boarded the plane, handcuffed Davis in front of his family, and escorted him off the aircraft. After interviewing Davis and other passengers, the FBI released him when they determined the flight attendant had made an inaccurate accusation. In response, there was a public outcry to boycott the airlines.

United Airlines subsequently apologized, removed the flight attendant from service, and lifted Davis's 'no-fly' status. Davis expressed feelings of humiliation and concern over the impact on his family, prompting discussions about the incident's implications and United Airlines' handling of the situation.

Mattel's “Wicked” Packaging Error

In November 2024, Mattel faced a significant public relations crisis due to a packaging error involving its new line of dolls inspired by the "Wicked" movie. The packaging mistakenly displayed the URL "www.wicked.com" instead of the intended "www.wickedmovie.com," inadvertently directing consumers, including children, to a porn website. This oversight led to widespread backlash from parents and the public, with many expressing outrage over the potential exposure of inappropriate content to minors.

Social media platforms were abuzz with criticism, amplifying the negative sentiment. In response, Mattel issued a public apology, advising customers to discard or obscure the incorrect link and implementing immediate corrective measures to prevent such errors in the future. Despite these efforts, the incident raised serious concerns about the company's quality control processes and had a detrimental impact on its reputation.

Post Office Horizon Scandal

The UK Post Office Horizon scandal, spanning from 1999 to 2015, involved the wrongful prosecution of over 700 sub-postmasters based on flawed data from the Horizon IT system. This system inaccurately reported financial discrepancies, leading to convictions for theft, fraud, and false accounting. The Post Office's failure to acknowledge the system's faults resulted in severe personal and professional consequences for the affected individuals. In 2024, a public inquiry revealed systemic failures, including the Post Office's delayed admission of Horizon's faults in 2019, internal ignorance and deception, and the tragic suicide of postmaster Martin Griffiths, wrongly accused of theft. The inquiry also exposed discrimination, ignored critical evidence, and the malicious persecution of postmasters. Executives, like Paula Vennells, faced scrutiny for covering up Horizon's flaws despite knowing them, while Fujitsu admitted its role and apologized. The inquiry’s final report is due next year. But the scandal has severely damaged the reputation of the Post Office.

Most corporate public relations crises are exacerbated by a combination of poor crisis planning and a knee-jerk reaction to close ranks and ignore the situation in hopes that it will all go away quickly. This invariably makes the situation much worse. Merrell Strategy assists corporate clients dealing with public relations crises and with advanced preventative planning.