[throwaway78594]

(Throwaway account.)

The company I own got hacked and our database was stolen, containing basic user and company data for 100,000s of users as well as some partial card data. From the moment I discovered the breach (browsing logs after an unexplained brief outage), for the next 3-6 months, my life did not belong to me, but to insurers, forensic investigators, regulators, the police, credit card companies, press/media, and thousands of customers who emailed and called about it. Suddenly my life went from two or three people I would regularly interact with a couple times per week, to dozens of people who were involved in the crisis response, cleanup, and 'remediations' who I would speak to multiple times per 16-18 hour day.

Around the same time, I lost some close friends very suddenly - one to cancer, another to old age. And there was the whole pandemic thing. I still haven't been able to grieve properly about that.

You read about data breaches happening almost every week to various companies large and small, and mutter about how careless they were, or worry about whether you were personally affected. But from the inside, it is a totally different story for those involved (if they have even an ounce of genuine remorse and concern, as I did). Behind the scenes, they are an absolute shit-show. The truth is we had been careful and the hack was due to a compromised vendor, not our own code or networking, but I felt massively responsible and like the worst person in the world. I worked the 16-18 hour days in part to assuage my own guilt, but also because I had nobody else that could. The one saving grace was having good cyber crime insurance (which, I note, is now far more expensive than before - I'd pay it many times over, though).

I'm still not over the incident, and have regular therapy (and regular nightmares) with many days spent unable to really focus on anything. Burnout is real, PTSD is real, and I don't know if I will ever feel truly safe again - I certainly feel that I need to get myself off the internet as soon as possible, and away from any kind of business leadership role. I just cannot ever face something like that ever again.

Thanks

[matco11]

Amazing of you to share this. It will get better. You will feel better.

I understand how you feel now, but (I am sure) very many people out there would rather trust their data to (a future) you given how careful you have been, how much you have cared, and how much you have learned from this.

[DoreenMichele]

I'm still not over the incident, and have regular therapy (and regular nightmares)

When you've been dream deprived for any reason -- lack of sleep, medication, drug use, alcohol -- and you resume sleeping more/better, you will have intense, vivid dreams and these often get interpreted as nightmares. This can happen for really prosaic reasons like you quit smoking or you cut back on how much coffee you drink.

If you know about that phenomenon, it can be easier to see them as simply very vivid dreams and treat them kind of like a roller coaster ride. Some people like roller coasters and pay good money for intense experiences of that sort.

The rest will definitely take time and effort to sort. But I'm hoping a little information here will make things slightly more bearable in the short term because if you were working 18 hour days and likely sucking down coffee to help you cope, that phenomenon of very vivid dreams is almost certainly part of what you are going through.

Yes, those dreams may well be focused on recent stressors. But the intensity per se may mostly mean "I'm finally getting more than five hours of sleep a night again." and/or "I've cut down on the coffee habit now that the drama is mostly wrapped up."

[b0afc375b5]

Thanks for sharing your perspective. I would definitely feel the same (or worse) if I was in your shoes.

[gumby]

throwaway78594, that grueling experience sounds horrifying.

I'm working on a way to stop the "compromised vendor" problem. We have no idea what it's like on the inside when this happens. If you ever want to talk about it more I'd love to (sympathetically) have some idea. Not sell you anything, not "interview you" just learn.

You can contact me at dvhw at ABScott.com (not the domain of the company working on this -- really I'm not trying to sell you anything, especially at this terrible time).

[murukesh_s]

Thanks for sharing the experience. I understand your pain. It would be helpful if you can name the vendor, or if it's too dangerous to reveal, just name the industry/vertical of the vendor? it could help others avoid the vendor..