Burden of Proof
What level of proof does one need to shake money out of these slimes. The fact they lost critical customer data should be enough for them to make the customers whole. I smell a nasty lawsuit brewing. Also, does the GPDR have any sway on this breach (asking out of genuine ignorance)?