[TobyTheDog123]

They lost all credibility when they failed to do the one single thing companies trust them to do, on a massive and severe scale, with long-lasting financial repercussions for AT LEAST 250 of the worlds biggest companies (I believe it's more than they're letting on).

[toomuchtodo]

It is a shame that the new DHS 72 hour reporting requirement was not in effect when this breach occurred, but it is extremely evident why it is required. Regarding business classification, I don't think it's too difficult to argue that commercial identity providers are critical infra.

https://news.ycombinator.com/item?id=30699024

https://www.congress.gov/bill/117th-congress/house-bill/2471...

[zwayhowder]

That law is modelled on laws in the EU, Australia and other countries. I know if my employer is one of the affected companies they are in breach of our notification laws.

[sofixa]

GDPR already covers this. If companies with EU employees were among the 2.5% ( not unlikely), they should have disclosed this, first to the ICO and customers, then the public.