Typically, hacked organizations are able to keep incident response reports private, and avoid costly suits, by shielding the details under attorney-client privilege. Not under a recent decision in a case tied to the Capital One breach. (Getty Images)
