But this attacker had met its match and the company rose to the challenge, refusing to pay the extortion demand. Instead, they decided to send a broadside of their own, in the form of an international coordinated legal response. Ian Birdsey, cyber specialist at Clyde & Co, led the response team that came to the rescue.
We were at the hub of the response and project managed from the centre, engaged the necessary experts and drove the fight-back.
Ian Birdsey, Partner
“We have a playbook of how to respond, gathered from thousands of cyber breaches, and employ legal project management methodologies to ensure everything gets done, on time, in a coordinated manner, and information is properly recorded. Everything that we could do in a breach response process in this instance we did do."
“We notified tens of thousands of affected people in over 100 jurisdictions,” Ian continues. “We set up multilingual call centres to field queries, offered credit monitoring, coordinated local law firms and informed the relevant regulators – data protection, financial, industry, etc. Due to it being a public company and the extortion sums involved, we worked with the highest levels of law enforcement authorities in the UK and the US. We also hired a PR firm, gave the affected company’s executives media training and dealt with post-notification complaints and claims. We created the breach narrative, and then took control of the story in the media, which were generally supportive of the hacked company’s refusal to bow to extortion.”