Squiffy 28 October 2015 12:07:06
Learn to speak Databreach
The plain man's guide to the corporate language of Data Breaches.
| 1. "No encryption keys were compromised." - We don't encrypt any of our data. |
| 2. "A small number of customar records may have been compromised." - They got the lot. |
| 3. "As far as we can tell no financial data was accessed." - As I said earlier, they got the lot. |
| 4. "We are working closely with security experts." - The same lot that failed to fix things last time are here again. |
| 5. "We were the victims of a sophisticated attack." - A laptop and a freely available script downloaded from the internet was all it took. |
| 6. "Our security staff were distracted by the DDoS attack on our website." - The admin that deals with security was on a day off. |
| 7. "The responsibility to protect our customers data is our highest priority." - We don't have a CISO. |
| 8. "We are offering all affected customers 12 months free credit monitoring." - We are not responsible for customer losses resulting from the breach. |
| 9. "The data was held on a cluster of highly secure servers." - For scalability we replicate the data throughout our infrastructure. |
| 10. "We are working with crimminal investigation authorities to determine the extent and source of the breach." - We haven't been charged with negligence ..... Yet. |
| 11. "Any of our customers can contact our support staff 7 by 24 with any concerns." - The call center thhat handles our support calls have got the wait time down to 2 hours. |
| 12. "We are undertaking a comprehensive review of our security procedures." - Somebody will get fired, we just don't know who, yet. |
| 13. "We believe that a third-party may have been compromised to effect the breach." - Rest assured, we will find someone else to blame. |
| 14. "We have increased spending on data security over the last year." - The press office has taken on a full time spin-doctor dedicated to handling data breaches. |
| 15. "We have been striving to educate our customers on best security practices." - Someone has to make up for our incompetence. |
