"For 99.6% of users in the report, the only contact information recorded is full name and email address."
I can see the retraction already: "We have run a fully unfiltered scan, as opposed to a regular unfiltered scan, and it turns out we released the full age, name, address, and DNA sequence of every customer support user."
Remember, they have to wait until there is literally not chance of the victims mitigating the issue, because releasing the info in a timely manner may affect the next quarter's numbers and the sole consequence will be a fine, paid with other people's money.
Names and email addresses of people likely to be an Okta admin or superadmin in your org....aka a curated target list for your next spear phishing campaign
I can see the retraction already: "We have run a fully unfiltered scan, as opposed to a regular unfiltered scan, and it turns out we released the full age, name, address, and DNA sequence of every customer support user."