Hacker News
by bodz 3200 days ago
Having worked on the incident response teams for these types of breaches, the "PR machine" is only part of the reason why companies "sit" on the info. It also takes a long time to do investigations on the breach to know what was stolen, how much was stolen, and how to mitigate it. The FBI also gets involved in breaches like this, and sometimes they'll ask to put off announcing the breach while they do their investigation of it as well.

It doesn't do anyone any good if you release a statement as soon as you notice abnormal behavior that just says "we might have been breached and our customers may be affected, but we don't know who is affected and we don't know how it affects them yet".