The standards we had in place in the U.S. were best-in-class standards. They were recognized industry practice. It wasn't like industry practice wasn't followed. In this case, as a result of human error and IT error, the vulnerability occurred and the hackers got in.
