zlacker

>>Strang+(OP)
If i was a customer id be pissed off, but this is as good as a response you can have to an incident like this.

- timely response

- initial disclosure by company and not third party

- actual expression of shame and remorse

- a decent explanation of target/scope

i could imagine being cyclical about the statement, but look at other companies who have gotten breached in the past. very few of them do well on all points

>>prodig+47
> as good as a response you can have to an incident like this.

From customer perspective “in an effort to reduce the likelihood of this data becoming widely available, we’ve paid the ransom” is probably better, even if some people will not like it.

Also to really be transparent it’d be good to post a detailed postmortem along with audit results detailing other problems they (most likely) discovered.

>>wallet+v8
You mean as a customer you'd feel better if the company victim of ransom would help fund the very group that put the business and your data in jeopardy?

>>gchamo+4k
Of course, it makes my data and my customers data less likely to end up public on the internet.

It’s not great, but it’s the least shitty option.

>>wallet+cq
What makes you think they won't get the money and sell the database in the dark web?

This is like falling victim to a scam and paying more on top of it because the scammers promised to return the money if you pay a bit more.

I see no likelihood game to be played there because you can't trust criminals by default. Thinking otherwise is just naive and wishful. Your data is out in the wild, nothing you can do about that. As soon as you accept that the better are your chances to do damage reduction.