zlacker

[return to "Checkout.com hacked, refuses ransom payment, donates to security labs"]
1. throwa+25[view] [source] 2025-11-13 10:08:35
>>Strang+(OP)
I love this part (no trolling from me):

    > We are sorry. We regret that this incident has caused worry for our partners and people. We have begun the process to identify and contact those impacted and are working closely with law enforcement and the relevant regulators. We are fully committed to maintaining your trust.
I know there will by a bunch of cynics who say that an LLM or a PR crisis team wrote this post... but if they did, hats off. It is powerful and moving. This guys really falls on his sword / takes it on the chin.
◧◩
2. M4v3R+d5[view] [source] 2025-11-13 10:09:50
>>throwa+25
Words are cheap, but "We are sorry." is a surprisingly rare thing for a company to say (they will usually sugarcoat it, shift blame, add qualifiers, use weasel words, etc.), so it's refreshing to hear that.
◧◩◪
3. sunaoo+Q6[view] [source] 2025-11-13 10:22:53
>>M4v3R+d5
This is a classic example of a fake apology: "We regret that this incident has caused worry for our partners and people" they are not really "sorry" that data was stolen but only "regret" that their partners are worried. No word on how they will prevent this in the future and how it even happened. Instead it gets downplayed ("legacy third-party","less than 25% were affected" (which is a huge number), no word on what data exactly).
◧◩◪◨
4. kolibe+e9[view] [source] 2025-11-13 10:39:58
>>sunaoo+Q6
How would the apology need to be worded so that it does not get interpreted as a fake apology?

In terms of "downplaying" it seems like they are pretty concrete in sharing the blast radius. If less than 25% of users were affected, how else should they phrase this? They do say that this was data used for onboarding merchants that was on a system that was used in the past and is no longer used.

I am as annoyed by companies sugar coating responses, but here the response sounds refreshingly concrete and more genuine than most.

◧◩◪◨⬒
5. esskay+2r[view] [source] 2025-11-13 12:58:43
>>kolibe+e9
IMO something like:

We are truly sorry for the impact this has no doubt caused on our customers and partners businesses. This clearly should never have happened, and we take full responsibility.

Whilst we can never put into words how deeply sorry we are, we will work tirelessly to make this right with each and every one of you, starting with a full account of what transpired, and the steps we are going to be taking immediately to ensure nothing like this can ever happen again.

We want to work directly with you to help minimise the impact on you, and will be reaching out to every customer directly to help understand their immediate needs. If that means helping you migrate away to another platform, then so be it - we will assist in any way we can. Trust should be earn't, and we completely understand that in this instance your trust in us has understandably been shaken.

[go to top]