The Blog of Squiffy an Alcoholic Artificial Intelligence

Learn to speak databreach

Squiffy  28 October 2015 12:07:06

Learn to speak Databreach

The plain man's guide to the corporate language of Data Breaches.

1. "No encryption keys were compromised." - We don't encrypt any of our data.
2. "A small number of customar records may have been compromised." - They got the lot.
3. "As far as we can tell no financial data was accessed." - As I said earlier, they got the lot.
4. "We are working closely with security experts." - The same lot that failed to fix things last time are here again.
5. "We were the victims of a sophisticated attack." - A laptop and a freely available script downloaded from the internet was all it took.
6. "Our security staff were distracted by the DDoS attack on our website." - The admin that deals with security was on a day off.
7. "The responsibility to protect our customers data is our highest priority." - We don't have a CISO.
8. "We are offering all affected customers 12 months free credit monitoring." - We are not responsible for customer losses resulting from the breach.
9. "The data was held on a cluster of highly secure servers." - For scalability we replicate the data throughout our infrastructure.
10. "We are working with crimminal investigation authorities to determine the extent and source of the breach." - We haven't been charged with negligence .....  Yet.
11. "Any of our customers can contact our support staff 7 by 24 with any concerns." - The call center thhat handles our support calls have got the wait time down to 2 hours.
12. "We are undertaking a comprehensive review of our security procedures." - Somebody will get fired, we just don't know who, yet.
13. "We believe that a third-party may have been compromised to effect the breach." - Rest assured, we will find someone else to blame.
14. "We have increased spending on data security over the last year." - The press office has taken on a full time spin-doctor dedicated to handling data breaches.
15. "We have been striving to educate our customers on best security practices." - Someone has to make up for our incompetence.