Words are cheap, but "We are sorry." is a surprisingly rare thing for a company to say (they will usually sugarcoat it, shift blame, add qualifiers, use weasel words, etc.), so it's refreshing to hear that.
This is a classic example of a fake apology: "We regret that this incident has caused worry for our partners and people" they are not really "sorry" that data was stolen but only "regret" that their partners are worried. No word on how they will prevent this in the future and how it even happened. Instead it gets downplayed ("legacy third-party","less than 25% were affected" (which is a huge number), no word on what data exactly).
How would the apology need to be worded so that it does not get interpreted as a fake apology?
In terms of "downplaying" it seems like they are pretty concrete in sharing the blast radius. If less than 25% of users were affected, how else should they phrase this? They do say that this was data used for onboarding merchants that was on a system that was used in the past and is no longer used.
I am as annoyed by companies sugar coating responses, but here the response sounds refreshingly concrete and more genuine than most.
I always presume the "We are sorry" opens up to financial compensation, whereas the "we regret that you are worried" does not.
In my country, this debate is being held WRT the atrocities my country committed in its (former) colonies, and towards enslaved humans¹. Our king and prime minister never truly "apologized". Because, I kid you not, the government fears that this opens up possibilities for financial reparation or compensation and the government doesn't want to pay this. They basically searched for the words that sound as close to apologies as possible, but aren't words that require one to act on the apologies.
¹ I'm talking about The Netherlands. Where such atrocities were committed as close as one and a half generations ago still (1949) (https://www.maastrichtuniversity.nl/blog/2022/10/how-do-dutc...) but mostly during what is still called "The Golden Age".
Agreed. It's just a classic way to manipulate the viewers. They just wanted to sound edgy for not paying a ransom, which is definitely a good thing. Never pay these crooks but you left a legacy system online without any protections? That's serious
> No word on how they will prevent this in the future and how it even happened.
Because these things take time, while you need to disclose that something happened as fast as possible to your customers (in the EU, you are mandated by the GDPR, for instance).
sunaookami|3 months ago
koliber|3 months ago
In terms of "downplaying" it seems like they are pretty concrete in sharing the blast radius. If less than 25% of users were affected, how else should they phrase this? They do say that this was data used for onboarding merchants that was on a system that was used in the past and is no longer used.
I am as annoyed by companies sugar coating responses, but here the response sounds refreshingly concrete and more genuine than most.
berkes|3 months ago
In my country, this debate is being held WRT the atrocities my country committed in its (former) colonies, and towards enslaved humans¹. Our king and prime minister never truly "apologized". Because, I kid you not, the government fears that this opens up possibilities for financial reparation or compensation and the government doesn't want to pay this. They basically searched for the words that sound as close to apologies as possible, but aren't words that require one to act on the apologies.
¹ I'm talking about The Netherlands. Where such atrocities were committed as close as one and a half generations ago still (1949) (https://www.maastrichtuniversity.nl/blog/2022/10/how-do-dutc...) but mostly during what is still called "The Golden Age".
dcminter|3 months ago
That preceding line makes it, to me, a real apology. They admit fault.
contravariant|3 months ago
udev4096|3 months ago
darkwater|3 months ago
Because these things take time, while you need to disclose that something happened as fast as possible to your customers (in the EU, you are mandated by the GDPR, for instance).