
Checklist: How to Respond to a Data Breach

  • Review your data breach response plan. Don’t have one? That’s okay. Take a deep breath. Review your state’s data breach laws and make a list of entities you have to contact. Do this as soon as you learn about the breach; some states give as little as seven days to inform customers.
  • Contact law enforcement or consumer protection agencies, if your state law requires it.
  • Contact your data security guru or IT consultant (if you have one). If you don’t, you may want to hire one to perform an IT security audit so you’re less likely to experience another data breach in the future.
  • Contact your insurance company if you have Cyber Liability Insurance. Your Cyber Liability Insurance provider will pay for some of the costs associated with responding to a data breach, including (depending on your policy) crisis management, credit monitoring, and data breach investigation.
  • Investigate the breach, compiling information as to where it occurred and what data was lost. (If you’re not particularly tech-savvy, hiring a network security consultant to perform a security audit may be wise.)
  • Repair any security weaknesses, but keep records and evidence of the breach (which you might need to turn over to law enforcement agencies later).
  • Contact a credit monitoring company about fraud and IT theft prevention services you can offer your customers.
  • Set up a phone line or email address to handle incoming questions and concerns from customers.
  • Post an announcement on your website about the data breach and how customers can reach you with questions.
  • Notify individual customers (via email, phone, or mail, in accordance with state regulations).

[Bonus] If you didn’t have a data breach response plan before, now’s the time to make one. Unfortunately, data breaches aren’t going anywhere, and a response document will almost certainly come in handy in the future.