Originally Posted by minusonebit

I agree completely, but I'd put the number closer to 95%.



That would be a good tactic for the lawyer to try if the other side had a fence post representing them that was asleep at the counsel table, but thats not what the law says. The law doesn't say they get to wait until they nailed down with exact certainty what was stolen and how, it says that as soon as you know a breach happened you start notifying people. And anyway, we are talking about a matter of months gone by here. Thats gonna be a very hard sell to the Court that it took them about three months to determine that a breach had happened and who was effected (and even now they still don't seem to know what happened). Maybe if they were AT&T and had to search every single central office switch in the world that could fly, but they aren't. They have - at the most - 1,000 servers to search and most of them probably easily accessible. The maximum amount of time that should take is a few days for someone busting ass to find something.