Case Studies

SaaS Company

Rapid legal response and client support in the aftermath of a data breach
HR Software Company

A Software-as-a-Service (SaaS) company client was the target of a cybersecurity incident in which a threat actor accessed customer data and attempted to sell it on the dark web. The aftermath involved serious customer and partner ramifications, and multiple phases of legal response.

The client found out about the incident late on a Friday evening. By Saturday morning, Nemphos Braue attorneys were fully immersed and worked throughout the weekend on the data breach response to meet strict privacy law deadlines for notification. Affected customers were located in North America, Europe, and Asia.

Attorneys worked seamlessly with the company’s management team throughout the process to address the incident.

KEY PHASES

  1. Coordinating on incident response and identifying the scope of the breach
  2. Analyzing immediate legal obligations given jurisdictions involved, e.g., whether and when to notify customers, regulators, and affected individuals
  3. Developing and implementing a communication strategy for interacting with affected customers, reviewing discussions with, and responses to, customer questions to meet statutory guidelines

This last phase went on for several weeks. Customers wanted to know exactly what data was breached, how it happened, and wanted help with their own corresponding notifications.

EXPERTISE MATTERS

Nemphos Braue attorneys worked with the executive team on coordination of the overall response, communication with customers, and execution of breach remediation. The legal team also coordinated external resources to help their client obtain the forensic, tech, security, and legal tools needed to contain the breach and develop a strategy to move forward.

RELATIONSHIP MATTERS

Nemphos Braue attorneys and the client had worked together long before the data breach. This relationship saved critical time and money for the client, allowing for an immediate response and eliminating the need for background on the client’s structure, relationships and policies. As you would expect, the incident was a massive issue for the client, significantly affecting their customer relationships and internal management, but the timely response of the company helped minimize the negative impact of the breach.

TIMING MATTERS

Engaging with Nemphos Braue BEFORE a data breach occurs allows your company to:

  1. Identify and mitigate risks.
  2. Enable a rapid response plan.
  3. Protect the company during an investigation.

More Case Studies

View All