Apparently some company I do business with shared my data with another corp without me knowing,
WTF?
then that corp who I did not know had my data was breached.
WTF?
Then the breached corp who could not competently secure the data in the first place offers victims gratis credit monitoring services (read: offers to let yet another dodgy corp also have people’s sensitive info thus creating yet another breach point). Then the service they hired as a “benefit” to victims outsources to another corp and breach point: Cloudflare.
WTF?
So to be clear, the biggest privacy abuser on the web is being used to MitM a sensitive channel between a breach victim and a credit monitoring service who uses a configuration that blocks tor (thus neglecting data minimization and forcing data breach victims to reveal even more sensitive info to two more corporate actors, one of whom has proven to be untrustworthy with private info).
I am now waiting for someone to say “smile for the camera, you’ve been punk’d!”.
(update)
Then the lawyers representing data breach victims want you to give them your e-mail address so they can put Microsoft Outlook in the loop. WTF? The shit show of incompetence has no limit.
(update 2)
It’s interesting to note that the FTC as well as a data breach lawyer both recommend that data breach victims take advantage of the free credit monitoring. I’m a bit surprised. As much as I want to cause the breached company to incur a cost for that subscription, it seems like a foolish move to put my sensitive info in the hands of yet another dodgy 3rd party.