A recent incident involving the Equifax / Struts2 exploit

After formalities and introductions, this is how the conversation proceeded. The details are obfuscated due to NDAs and confidentiality agreements.

 

Me - something polite akin to "You are breached."

Them - something akin to "We are PCI compliant.  We are not breached." 

 

What I want to ask - Are you sure about that?