zlacker

>>Strang+(OP)
I love this part (no trolling from me):

    > We are sorry. We regret that this incident has caused worry for our partners and people. We have begun the process to identify and contact those impacted and are working closely with law enforcement and the relevant regulators. We are fully committed to maintaining your trust.

I know there will by a bunch of cynics who say that an LLM or a PR crisis team wrote this post... but if they did, hats off. It is powerful and moving. This guys really falls on his sword / takes it on the chin.

>>throwa+25
Words are cheap, but "We are sorry." is a surprisingly rare thing for a company to say (they will usually sugarcoat it, shift blame, add qualifiers, use weasel words, etc.), so it's refreshing to hear that.

>>M4v3R+d5
This is a classic example of a fake apology: "We regret that this incident has caused worry for our partners and people" they are not really "sorry" that data was stolen but only "regret" that their partners are worried. No word on how they will prevent this in the future and how it even happened. Instead it gets downplayed ("legacy third-party","less than 25% were affected" (which is a huge number), no word on what data exactly).

>>sunaoo+Q6
How would the apology need to be worded so that it does not get interpreted as a fake apology?

In terms of "downplaying" it seems like they are pretty concrete in sharing the blast radius. If less than 25% of users were affected, how else should they phrase this? They do say that this was data used for onboarding merchants that was on a system that was used in the past and is no longer used.

I am as annoyed by companies sugar coating responses, but here the response sounds refreshingly concrete and more genuine than most.

>>kolibe+e9
> How would the apology need to be worded so that it does not get interpreted as a fake apology?

"We regret that we neglected our security to such degree that it has caused this incident."

It's very simple. Don't be sorry I feel bad, be sorry you did bad.