IR Hotline Numbers:

+44 20 3318 1470
+60 154 877 0076
+61 2 7908 1745
+65 3165 8788

Experienced a breach? Reach us now


PII Breach Response

You have some explaining to do

When you've had a security breach that includes Personally Identifiable Information (PII), regulators around the world are becoming very clear: you have to notify the people whose data you've lost, and you have to put protection in place to make sure it doesn't happen again. From the General Data Protection Regulation (GDPR) in Europe and the Data Protection Act (DPA) in the UK, to the Personal Data Protection Act(s) in Singapore and the variety of privacy legislation administered by the Office of the Australian Information Commissioner (OAIC) in Australia, regulators repeat the same requirements, and enforce them with fines and punitive action if you fail to comply.

Our incident response work has shown over and over again that attackers know this, and increasingly steal and threaten to expose PII as an effective piece of blackmail. Every new piece of privacy legislation paints another target on your company. Once you're in this situation your options are limited to paying extortionate ransoms to organised crime, or seeing the reputational damage to your firm and the potential fines from regulators when the blackmailers publish.

Your key steps after a PII Breach:

Understand what's been taken

Understand your legal obligations around reporting and notification

Identify every individual in the dataset

Clear communications with your regulators

Establish a clear future plan for recovery and protection

Monitor the dark web for evidence of the sale of your corporate data

Unless your systems and data are exceptionally well managed, you're going to have a hard time identifying what's been taken and who has been affected, and this will put you in a bad negotiating position. If the attackers left servers encrypted behind them, it complicates matters further. The most important thing now is to understand what's happened and minimise the damage to you and to the people whose data you hold.

How Pragma can help

Every situation is different, but we've found some actions have a greater impact than others.

Data recovery and analysis

When even small computers have terabyte hard drives, the size of the compromised dataset can get enormous. Identifying how much of this is PII, and who the individuals affected are, becomes an enormous task. We have specialist tools that can analyse large datasets and pick out the PII, and extract a simple entity database of individuals affected and what data each has lost. Understanding your dataset is key to managing your risk.
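To make the "pick out the PII and build an entity database" step concrete, here is a small added example of the kind of triage script a responder might write. It is not Pragma's tooling and is not code from this page: the regex detectors, the category names, the use of a record's name field as the entity key, and the sample CRM rows are all assumptions constructed for illustration. The point it shows is the shape of the output a breach notification needs: one entry per affected individual, listing every PII category lost for that person, even when they appear in many rows.

```python
"""Scan an exported dataset for PII and build an entity database of affected individuals."""
import re
from collections import defaultdict

# Regex detectors for a few common PII categories. These patterns are deliberately
# simple and are assumptions for this example; real engagements need tuning per
# jurisdiction and data source (and a lot of false-positive review).
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(r"\+\d{1,3}(?:[ -]?\d{2,4}){2,4}\b"),
    "date_of_birth": re.compile(r"\b(?:19|20)\d{2}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])\b"),
    "uk_postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b"),
}

# Constructed sample rows, as if dumped from a CRM export. Every value is fictional.
SAMPLE_RECORDS = [
    {"id": 1, "name": "Alice Example",
     "notes": "Contact: alice@example.com, +44 20 7946 0958, DOB 1984-03-12"},
    {"id": 2, "name": "Bob Sample", "notes": "bob@example.org lives at SW1A 1AA"},
    {"id": 3, "name": "Alice Example",
     "notes": "Follow-up call to alice@example.com about renewal"},
    {"id": 4, "name": "Unknown", "notes": "Internal note, no personal data here"},
]


def find_pii(text):
    """Return {category: sorted unique matches} for each PII category present in text."""
    found = {}
    for category, pattern in PII_PATTERNS.items():
        matches = sorted(set(pattern.findall(text)))
        if matches:
            found[category] = matches
    return found


def build_entity_db(records):
    """Group detected PII by individual.

    The record's 'name' field is used as the entity key (an assumption for this
    example; a real dataset would need a more robust identity-resolution step).
    Result: {name: {category: sorted values}}, so a person spread over several
    rows is counted once with all lost categories listed together.
    """
    db = defaultdict(lambda: defaultdict(set))
    for rec in records:
        # Scan every field except the row id, so PII hiding in free text is caught.
        text = " ".join(str(v) for k, v in rec.items() if k != "id")
        pii = find_pii(text)
        if not pii:
            continue  # row holds no detectable PII; nothing to notify for
        for category, values in pii.items():
            db[rec["name"]][category].update(values)
    return {name: {c: sorted(v) for c, v in cats.items()} for name, cats in db.items()}


def summarise(db):
    """Headline numbers for a regulator report: individuals affected, and how
    many individuals lost each category of data."""
    per_category = defaultdict(int)
    for cats in db.values():
        for category in cats:
            per_category[category] += 1
    return {"individuals": len(db), "per_category": dict(per_category)}


if __name__ == "__main__":
    entity_db = build_entity_db(SAMPLE_RECORDS)
    for name, cats in entity_db.items():
        print(name, cats)
    print(summarise(entity_db))
```

On the sample rows this yields two affected individuals: Alice (email, phone and date of birth) and Bob (email and postcode), with the internal-note row correctly dropped. Deduplicating per individual rather than counting rows is what keeps the notification list honest; the per-category counts feed directly into the "what was taken" section of a regulatory report.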

Regulatory reporting

We have experience reporting to data protection regulators around the world, and we know what they are looking for and what they really don't want to see. We will help you set up a positive dialogue with your regulators, and support it with technical reporting that demonstrates the facts of the case and helps you manage your liabilities.
