People are first finding out NOW? Look at this timeline, provided by Sergiu Gatlan in his reporting on BleepingComputer:
Guidehouse notified Morgan Stanley in May 2021.
Guidehouse had been breached in January through the Accellion vulnerability. Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May.
Why didn’t Guidehouse discover the breach sooner? And why didn’t they discover the potential impact to MS customers sooner? Are these time frames reasonable but just unfortunate, or will we get to some point where entities will have to discover and notify much, much sooner?