result in fraud, theft or manipulation of sensitive data,"

                       as well as the "unauthorized payment transactions and
                       transfer of money."




               Despite the two cease and desist letters, ESNC released their

               findings commenting that they did so  -- "because it is the
               right thing to do."


               However, PwC said the letters were not related to the

               security analysis itself. In an email, a spokesperson for PwC

               acknowledged the existence of the vulnerability and
               confirmed that it had been fixed and that it was hard to

               trigger. It claimed that it threatened ESNC because ESNC

               wasn't an authorized user of PWC products, it wasn't
               entitled to warn PWC customers about defects in its

               products. It shouldn't have had access to the software in the

               first place, as it wasn't a licensed partner.


                       "ESNC did not receive authorized access or a license to
                       use this software. The software is not publicly available

                       and was only properly accessed by those with licenses,

                       such as PwC clients working with trained PwC staff,"




                       “The code referenced in this bulletin is not included in

                       the current version of the software which is available to

                       all of our clients,” “The bulletin describes a hypothetical
                       and unlikely scenario – we are not aware of any

                       situation in which it has materialized.” (8)





               The reality was that PwC was probably on shaky legal
               ground if it had tried to sue ESNC. But the flavour of the