A software company client was the target of a cybersecurity incident in which a threat actor accessed customer data and attempted to sell it on the dark web. The aftermath involved serious customer and partner ramifications, and multiple phases of legal response.
The client found out about the incident late on a Friday evening. By Saturday morning, Nemphos Braue attorneys were engaged and addressed initial triage throughout the weekend, recognizing the urgency and ready to respond.
Attorneys were able to address the incident in 3 key phases:
- Coordinating on incident response and identifying the scope of the breach;
- Analyzing immediate legal obligations given jurisdictions involved, e.g., whether and when to notify customers, regulators, and affected individuals; and
- Helping draft and implement a communication strategy for affected customers, reviewing discussions with and responses to customer questions.
This last phase went on for several weeks. Many customers wanted to know exactly what data was breached, wanted an explanation of how it happened, and wanted help with their own corresponding notifications. In some cases, Nemphos Braue attorneys were present on calls with customers, negotiating certain responsibilities with respect to
breach remediation. The legal team also coordinated resources to help their client obtain the forensic, tech, security, and legal tools needed to contain the breach and develop a strategy to move forward.
Nemphos Braue attorneys and the client already had a pre-existing relationship, long before the data breach. This connection likely saved critical time and money for the client, allowing for an immediate response and eliminating the need for background on the client’s structure, relationships and policies.
In the end, the actual damage could have been far worse if more sensitive data had been released. Regardless, this was a massive issue for the client, significantly affecting their customer relationships and internal management. Customers affected were located not just in North America, but in Europe and Asia, too. It’s possible that the
threat actor logged into an internal account and was able to access test data. It serves as a reminder that cybersecurity protections must involve internal security too.
Engage with Nemphos Braue BEFORE anything happens to:
- Identify and mitigate risks
- Enable a rapid response plan
- Protect the company during an investigation
