Panicking won’t get you anywhere once you’ve discovered a data breach. Accept that it’s happened and immediately contact your legal counsel for guidance on initiating these 10 critical steps:
Record the date and time when the breach was discovered, as well as the current date and time when response efforts begin, i.e. when someone on the response team is alerted to the breach.
Alert and activate everyone on the response team, including external resources, to begin executing your preparedness plans.
Secure the premises around the area where the data breach occurred to help preserve evidence.
Stop additional data loss. Take affected machines offline but do not turn them off or start probing into the computer until your forensics team arrives.
Document everything known thus far about the breach: Who discovered it, who reported it, to whom was it reported, who else knows about it, what type of breach occurred, what was stolen, how was it stolen, what systems are affected, what devices are missing, etc.
Interview those involved in discovering the breach and anyone else who may know about it. Document your investigation.
Review protocols regarding disseminating information about the breach for everyone involved in this early stage.
Assess priorities and risks based on what you know about the breach.
Bring in your forensics firm to begin an in-depth investigation.
Notify law enforcement, if needed, after consulting with legal counsel and upper management