For a minute there, I was worried that some fundamental flaw in Rivest-Shamir-Alderman had been found. Whew!
Ahem, make that Rivest-Shamir-Adleman.
The idea that removing already leaked sensitive data from some random FTP server will save the day is ridiculous.
“Either way, I'm saving our shit.” He typed in the command to delete the file and hit enter.
It seemed to still be in the process of exfiltration, so I’m sure it was worth a try in case it was the only copy.
The problem is that even if it was successfully deleted, it’s not safe to assume that was the only channel over which the data was extracted. The only responsible position is to consider all of the seeds exposed the moment the attacker got access to the system allowed to retrieve them.
Also, if you are building a security-critical system like this, bake constraints in! If you typically make twenty secret CDs a day, there’s no reason to ever let your system provide more than, say, 40 a day before it shuts down and locks for 24 hours.
And if you can’t build the constraints in, at least monitor for variance. I have alarms set up to trip when API requests go +/- 1 sigma to certain systems. They’ve never caught an intruder (knocks on wood) but they’ve proven extremely operationally useful.
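The two controls from the comment above, a hard daily cap with a 24-hour lockout and a sigma-based variance alarm, as an added illustration that is not the commenter's own code; the cap of 40, the 1-sigma threshold and the sample request counts are taken from the comment or constructed here.

```python
from collections import deque
from statistics import mean, pstdev

DAY = 24 * 3600  # seconds

class SeedIssuer:
    """Issues secrets under a hard daily cap; hitting the cap locks issuance for 24 hours.
    Constructed example: the cap and lockout mirror the comment, not any real product."""

    def __init__(self, daily_cap=40, lockout_seconds=DAY):
        self.daily_cap = daily_cap
        self.lockout_seconds = lockout_seconds
        self.issued = deque()       # timestamps of issuances within the trailing day
        self.locked_until = 0.0     # epoch seconds until which every request is refused

    def request(self, now):
        """Return True if a secret may be issued at time `now` (epoch seconds), else False."""
        if now < self.locked_until:
            return False
        # drop issuances older than one day so the window slides
        while self.issued and now - self.issued[0] >= DAY:
            self.issued.popleft()
        if len(self.issued) >= self.daily_cap:
            # cap reached: refuse this request and lock the system for the lockout period
            self.locked_until = now + self.lockout_seconds
            return False
        self.issued.append(now)
        return True

def sigma_alarm(history, today, sigmas=1.0):
    """Trip when today's request count deviates from the historical mean by more than
    `sigmas` standard deviations (the +/- 1 sigma rule from the comment by default)."""
    if len(history) < 2:
        return False                # not enough baseline to judge variance
    mu, sd = mean(history), pstdev(history)
    if sd == 0:
        return today != mu          # flat baseline: any change is a deviation
    return abs(today - mu) > sigmas * sd

if __name__ == "__main__":
    issuer = SeedIssuer()
    # constructed burst: 41 requests one minute apart; the 41st trips the lockout
    results = [issuer.request(i * 60.0) for i in range(41)]
    print("refused at request", results.index(False) + 1)
    baseline = [20, 22, 19, 21, 20, 18, 22, 21, 20, 19]   # constructed daily counts
    print("alarm on 40 today:", sigma_alarm(baseline, 40))
```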