Wouldn’t that mean they could still exfiltrate it to another jira site they control?