Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
I finally received this email Monday night, a full four days after Apple’s developer website went down. That feels like a long time to be leaving your customers in the dark on what’s going on. I understand they needed time to investigate but Apple left everyone in the dark on what was happening for several days.
How would you handle informing your customers in this kind of situation?