b'When struck by DDoS, how - and what - should banking institutions communicate with their customers? Doug Johnson of the American Bankers Association advises on post-attack disclosure obligations.'