With the breach discovered and actual financial harm being caused to a number of customers (through credit cards being skimmed), the company quickly shut down part of its ecommerce platform. Clyde & Co was then brought in to coordinate a global response, working closely with national regulators, as well as identifying all liabilities. It also rapidly notified all affected individuals, so that further misuse of information could be minimized.
The cyber team instructed forensic IT consultants to go into the system and review the incident. These experts were able to trace the signs of malware being present and could determine the extent of data that had likely been taken.
In a parallel process the team worked simultaneously with regulators in over 25 jurisdictions. And although based outside Europe, as it targeted customers in the EU, the company was also subject to the Global Data Protection Regime (GDPR).