This time, it's (get this...) my employer's Canadian subsidiary's group health plan's provider's banking partner's provider of file transfer services, #MOVEit.
"The type of #data accessed could include any of..." <everything needed for #identity#theft>, and as an extra-special bonus, "#Health information relating to a claim"!
"We have been closely monitoring this situation and have found no #evidence of any #data involved in this #incident being further disclosed or misused".
Stop. The first part sounded like almost-an-apology, but this kind of weasel-language just throws that in the toilet.
Just #admit that 1) you don't have sufficient audit records to know what information was accessed or for which clients, 2) you done screwed up, and 3) that anyone might have it by now, and you'd have no way to know it.
Add comment