backtrackingonstatements"weweren'tbreached""highlysophisticatedattacker"(dude withchromeinspector)"no evidence itwas exploited"(because therewere no logs)plaintextpasswords"nobodyisperfect"threatento callpolice onwhite hat>100kaccountsbreachednot fixeduntilpubliclydiscloseddata privacycommissionernot notified intime"[the whitehat] isbreakingthe law""we areinvestigating""thereare noissues"public s3 /elasticsearch"don'tworryyour datais safe""only asmallportion ofour users""it wasonly for afewminutes"really easy,like reallyeasy toexploitnosecurityteam"ourapp/websiteexperiencedsomeissues"ignore itand hopeit goesawayeasilydisprovedliemore usersaffected thaninitiallythought"someone'sout to getus"backtrackingonstatements"weweren'tbreached""highlysophisticatedattacker"(dude withchromeinspector)"no evidence itwas exploited"(because therewere no logs)plaintextpasswords"nobodyisperfect"threatento callpolice onwhite hat>100kaccountsbreachednot fixeduntilpubliclydiscloseddata privacycommissionernot notified intime"[the whitehat] isbreakingthe law""we areinvestigating""thereare noissues"public s3 /elasticsearch"don'tworryyour datais safe""only asmallportion ofour users""it wasonly for afewminutes"really easy,like reallyeasy toexploitnosecurityteam"ourapp/websiteexperiencedsomeissues"ignore itand hopeit goesawayeasilydisprovedliemore usersaffected thaninitiallythought"someone'sout to getus"

Data Breach Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. backtracking on statements
  2. "we weren't breached"
  3. "highly sophisticated attacker" (dude with chrome inspector)
  4. "no evidence it was exploited" (because there were no logs)
  5. plaintext passwords
  6. "nobody is perfect"
  7. threaten to call police on white hat
  8. >100k accounts breached
  9. not fixed until publicly disclosed
  10. data privacy commissioner not notified in time
  11. "[the white hat] is breaking the law"
  12. "we are investigating"
  13. "there are no issues"
  14. public s3 / elasticsearch
  15. "don't worry your data is safe"
  16. "only a small portion of our users"
  17. "it was only for a few minutes"
  18. really easy, like really easy to exploit
  19. no security team
  20. "our app/website experienced some issues"
  21. ignore it and hope it goes away
  22. easily disproved lie
  23. more users affected than initially thought
  24. "someone's out to get us"