[sunaookami]

This is a classic example of a fake apology: "We regret that this incident has caused worry for our partners and people" they are not really "sorry" that data was stolen but only "regret" that their partners are worried. No word on how they will prevent this in the future and how it even happened. Instead it gets downplayed ("legacy third-party","less than 25% were affected" (which is a huge number), no word on what data exactly).

[koliber]

How would the apology need to be worded so that it does not get interpreted as a fake apology?

In terms of "downplaying" it seems like they are pretty concrete in sharing the blast radius. If less than 25% of users were affected, how else should they phrase this? They do say that this was data used for onboarding merchants that was on a system that was used in the past and is no longer used.

I am as annoyed by companies sugar coating responses, but here the response sounds refreshingly concrete and more genuine than most.

[esskay]

IMO something like:

We are truly sorry for the impact this has no doubt caused on our customers and partners businesses. This clearly should never have happened, and we take full responsibility.

Whilst we can never put into words how deeply sorry we are, we will work tirelessly to make this right with each and every one of you, starting with a full account of what transpired, and the steps we are going to be taking immediately to ensure nothing like this can ever happen again.

We want to work directly with you to help minimise the impact on you, and will be reaching out to every customer directly to help understand their immediate needs. If that means helping you migrate away to another platform, then so be it - we will assist in any way we can. Trust should be earn't, and we completely understand that in this instance your trust in us has understandably been shaken.

[Anthony-G]

Upvoted because that seemed like a genuine apology other than this phrase

> Whilst we can never put into words how deeply sorry we are

To my European ears that comes across as hyperbolic and insincere but maybe it’s fine for an American audience. These things are very culture-dependent.

[actionfromafar]

"Up to 25% of users were affected." "As many as 25% of users were affected."

"A quarter of user accounts were affected. We have calculated that to be 7% of our customers."

[hitarpetar]

an effective apology establishes accountability, demonstrates reflection on what caused the problem, and commits to concrete changes to prevent it from reoccurring

[throwaway290]

> How would the apology need to be worded so that it does not get interpreted as a fake apology?

"We regret that we neglected our security to such degree that it has caused this incident."

It's very simple. Don't be sorry I feel bad, be sorry you did bad.

[koliber]

They stated clearly in the article:

> This was our mistake, and we take full responsibility.

I wonder how much of the negative sentiment about this is from a knee jerk reaction and careless reading vs. thoughtful commentary.

[throwaway290]

the quote was "We regret that this incident has caused worry for our partners and people"

[berkes]

I always presume the "We are sorry" opens up to financial compensation, whereas the "we regret that you are worried" does not.

In my country, this debate is being held WRT the atrocities my country committed in its (former) colonies, and towards enslaved humans¹. Our king and prime minister never truly "apologized". Because, I kid you not, the government fears that this opens up possibilities for financial reparation or compensation and the government doesn't want to pay this. They basically searched for the words that sound as close to apologies as possible, but aren't words that require one to act on the apologies.

¹ I'm talking about The Netherlands. Where such atrocities were committed as close as one and a half generations ago still (1949) (https://www.maastrichtuniversity.nl/blog/2022/10/how-do-dutc...) but mostly during what is still called "The Golden Age".

[mrguyorama]

If you are unwilling to say "We are sorry" because "that opens you up to lawsuits" then you are not sorry.

Letting business concerns trump human empathy is exactly the damn problem and exactly why these companies still deserve immense ire no matter how they word their "We don't want to admit fault but we want you to think we care" press release. This is also true of something like the Dutch crown or the USA having tons of people being extremely upset at the suggestion of teaching kids what the US has actually done in it's history.

[berkes]

> If you are unwilling to say "We are sorry" because "that opens you up to lawsuits" then you are not sorry.

Exactly my point, but much better worded. Thanks.

[dcminter]

This was our mistake, and we take full responsibility.

That preceding line makes it, to me, a real apology. They admit fault.

[contravariant]

Seems a bit harsh to leave out the rest of the apology and only focus on the part that is not much of an apology.

[udev4096]

Agreed. It's just a classic way to manipulate the viewers. They just wanted to sound edgy for not paying a ransom, which is definitely a good thing. Never pay these crooks but you left a legacy system online without any protections? That's serious

[darkwater]

> No word on how they will prevent this in the future and how it even happened.

Because these things take time, while you need to disclose that something happened as fast as possible to your customers (in the EU, you are mandated by the GDPR, for instance).