After suffering a data exposure of at least 13GB of customer information covering 117,000 accounts the actions of one of the UK’s largest motoring associations provides a great insight into the importance of incident response.
An initial incorrect assessment of the event’s severity coupled with accusations by the security community of downplaying the incident with speculation of a deliberate 'cover-up' forces the company to backtrack on their published official stance.
The senior management team are then forced to step in and personally incident-manage the situation, directly apologising to customers, emailing journalists and the security community to allay fears as to their intentions and to limit the backlash.
For organisations grappling with GDPR and wishing to understand how best to structure their incident response plans, this less-than-optimal example provides great insights into the areas that will require the greatest resources and management focus.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you: