Data Breach Checklist

Have you incurred a data breach? Here are the immediate steps to take to defend and protect your organization.

1. Make an initial assessment

  • Determine the nature of the incident – Is it in fact a breach?
  • Determine the type of information that has been exposed
  • Locate the incident response guide and begin the process
  • Assemble the incident response team as needed

2. Commence breach mitigation efforts

  • Determine if the breach is active
  • Identify all affected systems, computers, and devices
  • Interview key personnel
  • Determine the cause of the breach
  • Commence mitigation efforts
  • Determine when systems can be brought back online
  • Use alternative communications channels as needed

3. Preserve records of the breach and mitigation

  • Preserve evidence of the breach, including log files
  • Control the creation of new documents and records
  • Document all efforts to investigate and mitigate the breach
  • Involve legal as necessary, which may help to preserve privilege

4. Notify any additional internal parties

  • Immediate data owners within the organization
  • Media relations
  • Risk management
  • Human resources
  • Employees (if impacted by the breach)
  • Depending on the scope, senior leadership and the Board

5. Notify relevant breach-response vendors

  • Outside counsel
  • Insurance broker
  • Insurance carrier
  • Breach coach
  • Credit monitoring
  • Forensics experts
  • Call centers / mailing houses

6. Notify other third parties

  • Acquiring bank (for credit card breaches)
  • Law enforcement
  • Impacted customers
  • State attorneys general
  • Regulators
  • Credit reporting agencies
  • Contract partners (if required by contract)

7. Post-mortem

  • Assess the root cause of the breach
  • Assess and improve the incident response guide
  • Assess deployment of information security resources