Data breach crisis response
In 2015, a national non-profit organization serving children with special needs discovered a backup drive containing more than one thousand client financial and medical records was lost. The cause was employee error. The drive was recovered within a week and a breach was suspected, but not verified.
The organization had no data breach response plan or potential vendors in place to respond to this incident. The organization’s insurance company contracted Kimball Hughes Public Relations to help respond to the potential crisis. We immediately recommended a forensics investigation to determine if the data had been breached and a legal team to determine notification requirements.
While the investigation was underway, Kimball Hughes put together a response plan and communications tools, including client notifications, media talking points and a media statement. We evaluated the organization’s minimal social media presence, prepared a statement that could be used to direct people to more information and set up monitoring tools in case the data was breached. Fortunately, forensics determined no data had been breached.