Astonishingly, it took FatFace over 2 months to inform customers about this breach, which may have led to an increased risk of identity theft or targeted phishing emails. What makes this even worse is that FatFace attempted to keep this information private - even after the breach was disclosed to their customers - attempting to keep it limited to only those affected knowing about it. It can be extremely damaging trying to bury a breach – far worse than being honest up front and admitting it at the earliest opportunity. Breaches are inevitable and we can all learn from them, so it is vital we start to share best practice and discuss how systems are compromised among our peers.