How about instead of just saying "We take security seriously," disclose some evidence. What specific things do we normally do to keep customer data secure and prepare for attacks? How did that preparation fail this time? What was this particular attack vector? What exactly was compromised, and when? What specific, verifiable steps are we taking to make the victims (customers) whole? What specific, verifiable corrective action are we taking in order to prevent this kind and other kinds of breaches going forward?
Just saying "We take security seriously" is like saying (to quote Chris Rock) "I take CARE of my kids!" What do you want, a cookie? That's what you're supposed to do.
Just saying "We take security seriously" is like saying (to quote Chris Rock) "I take CARE of my kids!" What do you want, a cookie? That's what you're supposed to do.