Curious how the compromised company can report if the compromise has not been detected