That's the message Cariss has attempted to spread in an email sent to customers, with a strong note of self-pity dominating her missive.
As an aside, the headline she used, "Learnings from recent security incident and roundtables" reminded one of the Sacha Baron Cohen film "Borat: Cultural Learnings Of America For Make Benefit Glorious Nation Of Kazakhstan".
The breach was announced on 6 June, with the company indicating that it had been first noticed on 23 May.
With a list like that, you'd be inclined to think that whoever made their way into the network would have left with something that made the breach worth their while. But it seems these hackers were on L plates. Or so PageUp would have us believe.
The one line included in the email about the investigation conducted by Klein & Co is telling: "It concluded that while an attacker was successful in installing tools that could exfiltrate data, no specific evidence was found that data was exfiltrated." (emphasis mine).
So was there any general evidence that data was exfiltrated? (Emphasis mine again). Cariss hasn't said a word more, but spent a good deal of the rest of a fairly long email wallowing in self-pity, outlining the strain that the company's staff were put under but having little regard to being open about the incident.
"The incident placed a significant strain on our internal team. Some team members took the frustrations of our customers personally and all were so committed to responding to the needs of our customers that they worked around the clock, causing people to be incredibly tired," Cariss wrote.
In other words, poor us, we suffered so much because of this breach. Why a company which turned over $31 million in 2015-16 could not be bothered putting a proper security strategy in place was never mentioned.
PageUp's communication with the media was pathetic at best. But even for this, Cariss blamed the PR company or companies that were advising her. One of them we know – the biggest global PR firm, Edelman.
But its skills in media management were laid bare when the head of its Australian operations, Edelman Australia managing director Scott Thomson, tried to imply that this writer was aiding the authors of a book on breach management by writing about the PageUp incident. That's the best he could do, which begs the question: why was Edelman hired?
Cariss says in her email, "Openness is part of our DNA..." which sounds mighty peculiar coming from a company that even today has yet to provide a comprehensive public statement as to how the breach occurred and the extent of damage. Some information was published on 19 June; additional details were published on an undated Web page which was not linked from anywhere on the company's's website.
And to cap it all, the company has no media contact details listed on its website.
Apart from the company's incompetence, the one thing that the breach proved is that the Australian data breach law has no teeth. It is a figleaf and the public should not be deceived into believing that they will be in any protected.