Someone should start a web site archiving the inappropriate responses we get when we try to notify entities that they’ve had a data breach. This would be my entry for today:
I tried to alert an entity that they’d been hacked and data had been exfiltrated. It was after normal business hours, and I could find only one extension that reached an actual person. I told them why I was calling, figuring that they would take the information and escalate the message internally.
I seem to have figured wrong.
The employee told me that their extension was for emergencies, and that unless I had an emergency, theirs was the wrong extension. I replied that I understood that, but I was trying to alert the firm to *their* emergency.
Did they try to transfer my call? No, they did not.
Did they ask for information that might have helped them? No, they did not.
They hung up on me.
And no, I didn’t call back.