We try to save up some funny stuff for our Sunday Funnies post, and I admit this is pretty borderline. Maybe not funny. But I do love corporate-speak, and since tomorrow we will be discussing the things you can do if your personal information is part of a data breach, we thought this might be a fun way to open this discussion.
Thanks to our friends at Sophos for the following list of things that corporations say to their clients after a data breach, and what they really mean.
“We take the security of our customer data extremely seriously”
*Now*. We take the security of our customer data extremely seriously *now*.
“The vast majority of customers were not affected”
As luck would have it the hackers didn’t find the Excel spreadsheet in the CEO’s inbox that has most of our customer data on it.
“This afternoon we became aware that some of our systems had been compromised”
There’s a giant flaming skull on our home page.
“The attack had all the hallmarks of a state-sponsored attack”
They sent us emails. DEAR GOD, THEY KNEW OUR NAMES!
“Forensic analysis has concluded that some customers may have been affected”
You’re on Pastebin.
“We’ve called the malware StealthOverlord3000”
The marketing team are in shock and we don’t know how to make them stop.
“As soon as we discovered the attack we immediately began working to close the security vulnerability”
It’s amazing, that really exasperated guy in IT who looks like he pulled his own hair out knew where to start straight away.
“We have been fully cooperating with the FBI’s investigation.”
…it’s almost like they knew our passwords already.
“We have retained one of the world’s leading cybersecurity firms to assist us in our investigation”
A week ago we couldn’t afford an EV SSL certificate, now it’s raining money!
“We are sorry”
You guys reacted really, really, badly to the first three statements we put out.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com