A social network platform was breached by hackers taking advantage of remote working vulnerabilities (i.e., the hackers exploited employees’ VPN issues by calling and impersonating IT personnel); the platform had no CISO in place, and did not implement any significant compensating controls after shifting to a remote workforce (e.g., proper multi-level authentication, phishing and vishing campaigns for employee awareness).