>>2eh, it's normal. when the employee (or a member of a group) fucks up, there's usually internal investigation (and punishment) but they almost never publish who it was. there were plenty of large-scale data breaches in past few years and yet they never mention the guilty employee - if public scapegoat is needed, it's usually the chief of security department