From:
Sent: Wednesday, July 31, 2024 3:05 PM
To: Legal Team <Legal_Team@wgu.edu>
Subject: Cyber Security Attack Against Firm
Hello Legal Team,
As you are aware there was a phishing cyber security attack against the company. During routine system
monitoring and evaluation the IT team found that there was a significant cybersecurity breach that resulted in
leaked sensitive customer data (financial and PII). The investigation showed that employees clicked on an email
that turned out to be fraudulent.
Please find the below details regarding the outcome of the attack:
Financial & Reputational Damage:
Nearly 1500 records were lost
Due to sensitive customer information being leaked, customers may not feel comfortable banking with
the institution.
Potential loss of accounts due to customers leaving to a more secure institution
Training will be required and costly for all employees
Monitoring application required for all 1,400 employees netting in nearly a $630,000 cost
All systems will need to be inspected and brought to industry standards
Affected Customer Communication Strategies:
Emails will go out to each customer along with letters mailed to addresses on file
Phone calls will be made to high priority customers
Online FAQs will be made available
Customer support available for customers to call and ask additional questions
Failures identified in Process/Security:
No current company intrusion detection or intrusion protection
Systems have not been assessed for vulnerabilities in over a year
Software patches are required
Employees have not been continuously trained regarding data sensitivity in over a year
No clear process or procedure outlined to identify and quickly respond and mitigate cyber attacks
Timeline for Corrective Action:
1. Communication (August 2024-December 2024)
a. Transparent communication with stakeholders regarding investigation and remediation
b. Provide ongoing updates
2. Internal Training (August 5-9th)
a. Immediately schedule a week’s worth of training for employees (1hr each day) to reinforce best
practices for securing sensitive data
b. Explain type of attacks and ways to mitigate exploitation
3. Perform a security assessment (August 1- 30th)
a. Implement immediate fixes: security patches to address vulnerabilities (updating software,
enhancing access controls etc.)
b. Enable immediate enhanced monitoring and detection mechanisms
4. Data Protection (August 2024- August 2025)
a. Offer customers credit monitoring services
b. Provide guidance on identity theft protection
c. Assist with financial implications
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller melissarosario1. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $6.49. You're not tied to anything after your purchase.