> It depends. It's possible a company could catch a breach while the data is being dumped to s3/russia/wherever and cut it off before everything is extracted.
At that point honest behavior would still assume all accounts were transferred. You don't know that data was not transferred earlier or it's also hard to estimate what part of data was sent successfully.
If data could be accessed it should be treated as compromised.
At that point honest behavior would still assume all accounts were transferred. You don't know that data was not transferred earlier or it's also hard to estimate what part of data was sent successfully.
If data could be accessed it should be treated as compromised.