In our subsequent investigation, we'll look at all of the circumstances and make a recommendation.
One of the big issues we had in our previous investigation was the authentication of users and the fact that there is a lack of multifactor authentication. That was because the sensitivity and risk were assessed to be too low. That is one of the trends we see. It's not just in this instance but also in other instances. There's a sense that harm to individuals is not being treated at the level it should be. They said, “Well, you're just losing some money. It's not your health.”
That was an instance when we disagreed. We said, “Well, this is being assessed at a level 2 risk. We're assessing it at a level 3 risk.” In fact, if a fraudster takes $1,000 from you, you can get sick from that. You can get stressed about that. You can end up in major situations—owing money, going to court and all of those things. We found this is a level 3 risk. If you treat it as a level 3 risk, you're going to put in place level 3 protections, with multifactor authentication.