Every so often, we see a company announce a breach in its systems, followed closely by a group claiming responsibility. This is sometimes accompanied by the group advertising that they have the impacted data for sale, usually for a high price. It's often very difficult to verify that the group does or does not have what it claims it does, but the potential that they do always looms.