"thereare noissues"ignore itand hopeit goesaway"[the whitehat] isbreakingthe law"threatento callpolice onwhite hatnot fixeduntilpubliclydisclosed"only asmallportion ofour users">100kaccountsbreached"it wasonly for afewminutes"more usersaffected thaninitiallythoughtplaintextpasswords"ourapp/websiteexperiencedsomeissues""weweren'tbreached"backtrackingonstatements"don'tworryyour datais safe""someone'sout to getus"easilydisprovedlie"nobodyisperfect""we areinvestigating"nosecurityteamdata privacycommissionernot notified intimepublic s3 /elasticsearch"no evidence itwas exploited"(because therewere no logs)"highlysophisticatedattacker"(dude withchromeinspector)really easy,like reallyeasy toexploit"thereare noissues"ignore itand hopeit goesaway"[the whitehat] isbreakingthe law"threatento callpolice onwhite hatnot fixeduntilpubliclydisclosed"only asmallportion ofour users">100kaccountsbreached"it wasonly for afewminutes"more usersaffected thaninitiallythoughtplaintextpasswords"ourapp/websiteexperiencedsomeissues""weweren'tbreached"backtrackingonstatements"don'tworryyour datais safe""someone'sout to getus"easilydisprovedlie"nobodyisperfect""we areinvestigating"nosecurityteamdata privacycommissionernot notified intimepublic s3 /elasticsearch"no evidence itwas exploited"(because therewere no logs)"highlysophisticatedattacker"(dude withchromeinspector)really easy,like reallyeasy toexploit

Data Breach Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. "there are no issues"
  2. ignore it and hope it goes away
  3. "[the white hat] is breaking the law"
  4. threaten to call police on white hat
  5. not fixed until publicly disclosed
  6. "only a small portion of our users"
  7. >100k accounts breached
  8. "it was only for a few minutes"
  9. more users affected than initially thought
  10. plaintext passwords
  11. "our app/website experienced some issues"
  12. "we weren't breached"
  13. backtracking on statements
  14. "don't worry your data is safe"
  15. "someone's out to get us"
  16. easily disproved lie
  17. "nobody is perfect"
  18. "we are investigating"
  19. no security team
  20. data privacy commissioner not notified in time
  21. public s3 / elasticsearch
  22. "no evidence it was exploited" (because there were no logs)
  23. "highly sophisticated attacker" (dude with chrome inspector)
  24. really easy, like really easy to exploit