[sillystu04]

That sounds dangerously close to victim blaming.

Obviously if Co-op were negligent in their handling of member data they're also guilty of something. But even the best organisations have some level of exposure to phishing related attacks.

[chrisjj]

Phishing? Says who?

Not the target. https://www.coop.co.uk/cyber-incident-faqs

[happymellon]

That says absolutely nothing.

[chrisjj]

And not phishing.

[happymellon]

And not lack of security.

[chrisjj]

That's bullet #1.

____

We recently experienced a cyber incident where malicious third parties attempted to access our systems. As part of this, data was extracted from one of our systems.

[happymellon]

Which could be due to phishing and not a lack of security.

[bendigedig]

I am not sure victim blaming is really an issue given this applies to the hyper-rational world of corporations.

One of the problems with victim blaming is that it typically ignores power dynamics at play and blames the powerless. I think the coop has the resources to be able to stand on its own two feet and take appropriate security measures.

[chrisjj]

I'll stick with culprit blaming.

Note the purported response is "put in place enhanced security measures to minimise disruption and protect" ... which were evidently lacking at the time.