Ask HN: Why are companies seemingly always reporting incorrect breach numbers

2 points by cwperkins ↗ HN
I am starting to become skeptical when a company first releases breach numbers. We have seen now on numerous occasions Equifax, Wells Fargo and now Yahoo revise their numbers upwards. My question is: is this because the company is generally giving a good faith estimate before getting the actual number, or is this an attempt by the companies to publicly minimize the extent of the hack and then revising later.

1 comment

[ 3.0 ms ] story [ 8.3 ms ] thread
It could also be that the people responsible for reporting the numbers (PR, communications) are not the same people responsible for investigating the breach (IT, engineering).