It appears Mumsnet has undergone a sustained attack in both the virtual and physical world in the form of a DDoS and ‘Swatting’ incident respectively. How a company responds to this kind of situation is always interesting as security experts generally believe most attacks of this sort are swept under the carpet by the target company in order to reduce PR flak and regulatory scrutiny. Mumsnet and co-founder Justine Roberts have done the opposite and released a public statement to all its members - this is being updated daily and can be read in full here: http://www.mumsnet.com/info/mumsnet-site-attacks-faqs-and-updates
Not only is their communication comprehensively honest (both about the nature of the attacks and the ramifications), it contains some excellent advice on what their members should do to minimise the risk of them being hacked too. They clearly already employ some very sensible safeguards, such as encrypting passwords, and despite the persistent nature of the attack, at the time of writing the perpetrator has only gained access to 11 accounts (relatively small given the user base).
Far from shying away from their responsibilities, they have embraced this situation to educate their users, reviewed their security protocols and publicly denounced the actions of the individual(s) responsible. Contrast this with the debacle that is the recent Ashley Madison leak, where the scale and fallout are being realised in real time (as and when hackers release new tranches of data).
There has to be an industry-wide discussion about how companies report breaches so that we can start to learn lessons and encourage those with sloppy security to up their game. It is a tough balancing act though, as PR and lawsuits aside, companies' inaction could result in us sleepwalking into governments forcing all firms to announce even the tiniest issue.
If history has taught us anything, governments are woefully poor at writing regulatory legislation for tech firms - not only do they often fail to understand the current issues at hand but they don't recognise the ever-evolving nature of the technology they’re trying to regulate.
In this battle of common sense, we’d have to declare Mumsnet the winner.