by wara23arish 840 days ago
I happened to be there while this attack was in progress (October 23). And all their systems were really offline, POS didn’t work, wifi didn’t work, literally anything connected to a computer didn’t work.

What’s unfortunate is that they flagged this vulnerability in 2022 and planned to review it in 2024 ???

Does it usually take this long to identify impact of users? They mentioned they paid for identity protection for their staff & ex-staff as well.

1 comments

I work in a related field (cyber insurance response) - typically takes a few months to identify exfiltrated data and then analyse it to understand what is in it. This might seem simple but there are usually in the region of hundreds of thousands to millions of files, and that may contain spreadsheets with tens of thousands of rows. This all has to be analysed, filtered and reduced to the point you have a list of PII which has been impacted, and can decide on what to do.

Credit monitoring is usually offered as standard when a breach occurs, the UK is much less litigation friendly than the US so in the absence of any actual harm, that would discharge most of their obligations to protect you following an incident.

Who decided credit monitoring was an adequate remedy for these breaches? I think I've accumulated three or four lifetimes of it by now, but it's never done anything but spew false alarms.