Sunday Funnies – Post-Breach Corporate Speak


We try to save up some funny stuff for our Sunday Funnies post, and I admit this is pretty borderline.  Maybe not funny.  But I do love corporate-speak, and since tomorrow we will be discussing the things you can do if your personal information is part of a data breach, we thought this might be a fun way to open this discussion.

Thanks to our friends at Sophos for the following list of things that corporations say to their clients after a data breach, and what they really mean.

“We take the security of our customer data extremely seriously”

*Now*. We take the security of our customer data extremely seriously *now*.

“The vast majority of customers were not affected”

As luck would have it the hackers didn’t find the Excel spreadsheet in the CEO’s inbox that has most of our customer data on it.

“This afternoon we became aware that some of our systems had been compromised”

There’s a giant flaming skull on our home page.

“The attack had all the hallmarks of a state-sponsored attack”

They sent us emails. DEAR GOD, THEY KNEW OUR NAMES!

“Forensic analysis has concluded that some customers may have been affected”

You’re on Pastebin.

“We’ve called the malware StealthOverlord3000”

The marketing team are in shock and we don’t know how to make them stop.

“As soon as we discovered the attack we immediately began working to close the security vulnerability”

It’s amazing, that really exasperated guy in IT who looks like he pulled his own hair out knew where to start straight away.

“We have been fully cooperating with the FBI’s investigation.”

…it’s almost like they knew our passwords already.

“We have retained one of the world’s leading cybersecurity firms to assist us in our investigation”

A week ago we couldn’t afford an EV SSL certificate, now it’s raining money!

“We are sorry”

You guys reacted really, really, badly to the first three statements we put out.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
