She said the company had wanted to inform customers of the breach sooner, but had been advised by police not to do so. "One of the most difficult periods was the first 36 hours of the attack," she said. The company had received a ransom demand and had informed the police. "The next day it was very clear there was a real risk material number of customers data stolen."
She said: "I was clear by lunchtime [the next day] that the sensible thing to do to warn customers, that would make them safer. For understandable reasons, advice received from the police was not to warn our customers."
If you can manage to unscramble the nonsense above and turn it into reasonable English, it still remains complete bollocks.
The ransom demand received was pertaining to the DDOS attacks, and there is no possible way that a DDOS can, on its own, cause a loss of customer data, although obviously it can be used to screen other attacks.
That makes a nonsense of the statement "The next day it was very clear there was a real risk [ of a ] material number of customers data [ being ] stolen"
Why would that be very clear? And why would the police have anything to do with that breach, when what they were investigating was a ransom note pertaining to further a DDOS?
The DDOS had nothing to do with the loss of data, and to conflate the two as Dido has, just shows the total lack of grasp she has on the whole affair. It's no wonder they are unable to tell what data is missing yet, when they clearly have no idea what occured.
This whole statement is as confused now as her original outpourings were when the incident happened.