That information is likely already in the hands of various folks as I highly doubt the authors were the first to find this glaring security issue, they’re likely only the first to disclose it. If McKinsey has hard data that nobody else exploited this now would be a good time to disclose that given what sounds like an extremely severe data leak.

The chat messages are very very sensitive. You could easily reverse engineer nearly every ongoing Mck engagement. The underlying data is not as sensitive, its decades of post-mortems, highly sanitized. No client names, no real numbers.