How about devastated that you allowed it to be taken?
I may of missed something, but I understood that these were direct attacks that exploited phishing attacks. Was she advised to do something, or allow other people to do something that she denied?
IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack, and this is what we are going to do to try and make this right.
With the ability of AI to generate pitch perfect voices, it's getting harder to vet things. Especially if the person has already been phished.
Inadequate security.
> I may of missed something, but I understood that these were direct attacks that exploited phishing attacks.
So?
> IMHO the statement should be
> I'm devastated that this happened despite our best efforts to prevent this type of attack
It seems she decided instead to stick to the truth.
Obviously if Co-op were negligent in their handling of member data they're also guilty of something. But even the best organisations have some level of exposure to phishing related attacks.
Not the target. https://www.coop.co.uk/cyber-incident-faqs
____
We recently experienced a cyber incident where malicious third parties attempted to access our systems. As part of this, data was extracted from one of our systems.
One of the problems with victim blaming is that it typically ignores power dynamics at play and blames the powerless. I think the coop has the resources to be able to stand on its own two feet and take appropriate security measures.
Note the purported response is "put in place enhanced security measures to minimise disruption and protect" ... which were evidently lacking at the time.