Sunday Funnies – Post-Breach Corporate Speak


We try to save up some funny stuff for our Sunday Funnies post, and I admit this is pretty borderline.  Maybe not funny.  But I do love corporate-speak, and since tomorrow we will be discussing the things you can do if your personal information is part of a data breach, we thought this might be a fun way to open this discussion.

Thanks to our friends at Sophos, for the following list of things that corporations say to their clients after a data breach, and what they really mean.

“We take the security of our customer data extremely seriously”

*Now*. We take the security of our customer data extremely seriously *now*.

“The vast majority of customers were not affected”

As luck would have it the hackers didn’t find the Excel spreadsheet in the CEO’s inbox that has most of our customer data on it.

“This afternoon we became aware that some of our systems had been compromised”

There’s a giant flaming skull on our home page.

“The attack had all the hallmarks of a state-sponsored attack”

They sent us emails. DEAR GOD, THEY KNEW OUR NAMES!

“Forensic analysis has concluded that some customers may have been affected”

You’re on Pastebin.

“We’ve called the malware StealthOverlord3000”

The marketing team are in shock and we don’t know how to make them stop.

“As soon as we discovered the attack we immediately began working to close the security vulnerability”

It’s amazing, that really exasperated guy in IT who looks like he pulled his own hair out knew where to start straight away.

“We have been fully cooperating with the FBI’s investigation.”

…it’s almost like they knew our passwords already.

“We have retained one of the world’s leading cybersecurity firms to assist us in our investigation”

A week ago we couldn’t afford an EV SSL certificate, now it’s raining money!

“We are sorry”

You guys reacted really, really, badly to the first three statements we put out.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.