Will any organisation publish a post-mortem in 2026 that blames a single employee for a major breach?

About

Industry folklore says blameless post-mortems have won. This market puts that to the test: at least one breach disclosure or post-incident write-up published in calendar 2026 from a company with at least 1,000 employees must explicitly attribute the root cause to a named or single, identified individual employee (e.g., "an engineer clicked a link", "an admin misconfigured S3"), as opposed to systemic / process failure.

Resolution criteria

Resolves YES if a public post-mortem, regulatory filing, or press statement issued in 2026 by an organisation with at least 1,000 employees explicitly identifies one specific employee as the proximate cause of a breach, in language a reasonable reader would call "blame" rather than systemic analysis.

Source

Company blog post-mortems, SEC 8-K filings, ICO/CNIL/FTC notifications, mainstream tech press (KrebsOnSecurity, BleepingComputer, The Record).

Ambiguity

Resolves AMBIGUOUS if the only candidate statements are leaks/anonymous reporting, or if the language is genuinely ambiguous between blame and contextual description.

Discussion

Loading comments…