I am very happy because my DevEx team at work is becoming a lot more official and getting a lot of attention. Which means we may be able to officially make it a real team and the three of us can be 100% on it. So we're creating a new wiki space and top-level jira project and all that.

But sad, too, because I am moving resilience and incident documentation out of SRE and into our space. Because I am more concerned about seeing the work get done than I am about what team should own it.

So I'm satisfied that incident program management fell into DevEx. There are also no other SREs but me (out of like 12) that like dealing with incident management anyway.

My boss said that after what I did with the retro, he is completely comfortable having me oversee the improvement of our incident management.

Seems like I am becoming adept at fixing fucked on-call rotations!

Lexington School District Four in SC reported that 15,894 residents were affected by the PowerSchool breach. The state reached out to districts on Jan. 8 to tell them what was known at that time.

The district filed this with the state today: https://www.consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/2025/LexingtonSchoolDistrictFour.pdf

It appears to be a copy of what they have sent out to residents as a preliminary notification.

If memory serves, PowerSchool had told districts they would be giving them something for communications by the evening of the 8th. Did they ever do that? Or are the four bullets in the district's notification what #PowerSchool gave districts to use?

@douglevin @brett @funnymonkey

OK, a huge thumbs up to Byte Federal for their breach notification letter. They frankly admit where they screwed up and what happened. I wish more notifications were as clear and straightforward as this one.

https://databreaches.net/2024/12/17/a-positive-example-of-forthright-breach-disclosure/

I *cringe* when I see the phrase "stand down" in regard to incident response in software.

It brings up images of police and military actions and I hate it.

I was just reading a follow-up on the Philippine Health Insurance (PhilHealth) breach by #Medusa in 2023, and I read something that struck me as unusual:

The govt didn't pay the TA's demands but what they did do was set up a portal where citizens could check to determine if Medusa had leaked their personal identification number.

I can't recall any govt or private sector entity ever creating a portal like that before. Can you? I mean, telling people to check HaveIBeenPwnd is one thing, but to create a portal on a .gov domain to check what TAs leaked?

Portal: https://philhealthleak.privacy.gov.ph/

@campuscodi @zackwhittaker @brett @troyhunt