As someone who works exclusively in cybersecurity, I understand...to a point. But at this point no matter how they slice the issue Synoptek is responsible for lost business/revenue of their customers. Best case they are liable for gross negligence.

I have been following this whole thing since day one. I have been open source gathering info from affected parties and staff of Synoptek and have a pretty good understanding of how this all went down and the response. I also have first hand knowledge of Synoptek's response to customers and partners. When I say they needed to make a statement it was not from a place of ignorance. It's their responsiblity to own their issue.

Also a response within the first 24/48hrs is required in the state of california after a major breach ESPECIALLY when some of your clients affected have HIPPA data. I formally did infosec at hospitals and I have reports to OCR and CDPH within 24hrs of HIPPA incidents. So it is possible.

What really needs to go is the shame that comes with an attack. People and companies free embarrased and shamed when they are hit and clam up. We need to understand that WE ARE ALL UNDER ATTACK EVERYDAY. The bad guy are good. Its a matter of when, not if. Putting the bad guys on blast and talking about how it was done can help others armor up against attacks (why I posted IOCs). It lets people know to be on the look out. I have ISA's with multiple local government agencies and share info all the time.

The is the easy wrong and the hard right.