No supprised
as a former Nominet Employee who left in 2019 I would say I am not surprised.
if you outsource your security and innovation ignore your own staff experience and expertise then you get this.
Nominet management needs to learn that they are completely useless and need to refocus on the basics.
questions here is why they was still using a SSL VPN service instead of Zero trust.
they started it with the registry and was going to implement yubbi keys, but looks like they didn't follow it though.
So, @nominet, when did you contact us all directly to tell us that our data has been compromised? as it seams you have only contacted a select few as normal.