Comment by dathinab
5 years ago
Idk. while banks have to report on this they are (as far as I know) still free to publicize details.
We normally don't hear about this things not because they can't speak about it but because they don't want to speak about it (bad press).
My guess is that it's a company which takes security relatively serious, but isn't necessary very big.
> hot target [..] else big enough to be a target
I don't thing you need to be that big to be a valid target for a attack of this kind, neither do I think this attack is on a level where "only the most experienced/best hackers" could have pulled it of.
I mean we don't know how the dev laptop was infected but given that it took them 3 month to reinfect it I would say it most likely wasn't a state actor or similar.
Doesn’t the GDPR force them to talk about it? I mean all potentially affected people must be informed.
Indeed, GDPR requires you to inform the Data Protection Authority and affected users.