Incident Lessons Learned Report
INCIDENT DESCRIPTION
Breach of personal data from online portal
DATE LOGGED
November 2 20xx
SERVICE DESK REF
INC12345678
REPORT AUTHOR
J. Smith
DATE OF REPORT
January 30 20xx
CHRONOLOGY OF THE INCIDENT
On November 2 20xx, routine checks of the configuration of network components identified a misconfiguration that had allowed attackers to access data from a database concerned with the processing of online insurance claims. Logs showed that the attack had begun approximately one month earlier and had resulted in the theft of 4,000 records containing the personal data of customers, including names, addresses, policy numbers, limited financial information and claim details.

An incident record was raised on November 2 20xx and the incident management procedure was invoked. It was decided to report the breach to the supervisory authority, which was done on November 3 20xx, approximately 24 hours after it was discovered.

The servers involved were taken offline immediately and a vulnerability was identified that had allowed the attackers remote command line access to the server operating system. This vulnerability was patched on November 4 20xx on all affected systems. A third-party consultancy firm was engaged to provide advice and collect any digital evidence available for later submission to the authorities, if required.