The victim of the data breach would benefit from not having to guess at what data was stolen, as it would have been passed over from the hacked entity (like Harvard Pilgrim Healthcare/Point32Health). IDX should also provide its own resume to the victim, explaining how IDX is qualified to be a trusted entity, and clarifying the level of their own investment in data security.