Editors Note: This blog is a work of fiction/humor and was originally published as such on the Cylance ThreatVector Blog, May 24, 2019, by Tag Cyber.
To Our Compromised Customers:
Our team at (insert company name) tried to secure its computer systems behind an old-fashioned perimeter, and the result is that hackers penetrated and persisted in our network for (insert # of months) and stole the (insert things stolen) you trusted us to protect.
We are just letting you know now because it took our lawyers (insert # of weeks) to come up with a believable story that would mostly blame (insert hackers, nation-states, or third parties).
The good news is that our incident is of no consequence to you because your (insert things stolen) have already been compromised dozens of times by others including (insert names of prior companies and agencies previously hacked). This point will be made by our massive team of lawyers during any future class action suit to prove that no real harm has been done. So, don’t waste your time.
Additional good news for our investors is that we bought (insert $ amount) worth of cyber insurance, and we have done a stellar job successfully completing the pages and pages of paperwork for our (insert list of compliances). We will just keep our heads down until this little incident blows over, which it will. Our stock price will be back to normal in (insert # of weeks).
I should tell you that I fired our CISO, who I met for the first time during this incident. I am told that this is the (insert second, third or fourth) executive to hold this position in the past (insert one, two or three) years. My board is pleased that I took this bold firing action, and they should know, because they received a brief talk on cyber hygiene at our last retreat. So, they are experts.
You should visit our flashy response website that we set up with enough added security to make it nearly impossible to get to the mostly useless information we included. You might also consider accepting our offer of (insert one, two or three) years of identity protection because it will limit our liability for future class action suits. It’s all explained in the fine print; which we know you will not read.
My advice is that you should just forget about this little incident. I know I will. I mean, there are so many more serious issues in our world that deserve your complete and undivided attention such as (insert North Korea, global warming or high tuition). The last thing you should be worried about is another compromise of (insert things stolen) that have already been ripped off before by others.
We are certain that our team will cause another incident in the future, so please just use this same letter in advance of that inevitable (insert type of breach). Until then, let’s just forget about this little misunderstanding so that you can get back to your normal life. Deal?
Regards,
(Insert name of honest CEO)
