new | ask | show | jobs
autoexec 13 hours ago  [ - ]

> datePublished":"2025-11-27T04:39:29.000Z

Considering they were aware of this on the 8th (who knows how long that was after it actually happened) it's a little disappointing that they'd wait until the day before such a major holiday to post about it. Unsurprising sure, but still disappointing.

bflesch 13 hours ago  [ - ]

This is in breach of the 72hr GDPR notification window

fmajid 11 hours ago  [ - ]

China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:

https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...

https://privacymatters.dlapiper.com/2025/09/china-new-strict...

gcbirzan 8 hours ago  [ - ]

Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses.

 5 hours ago  [ - ]
[deleted]
skeeter2020 6 hours ago  [ - ]

this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though