---

Data Breach

An ever present threat with increased risk to organisations.

GoCrisis has recently been activated for a few data breach incidents. In 2018, they responded to a major data breach that affected 40 million people across multiple industries and across the globe. It was a popular HR platform that was compromised and affected organisations in aviation, financial institutions, government, oil and gas, hospitality and manufacturing.

The most recent activation, however, and the one we are discussing here, involved much less people but posed very similar challenges. The organisation is a major university with students across the globe. GoCrisis supported them by providing call centre, social media and email support.

Setting the scene

According to the World Economic Forum’s Global Threat report, cyber-attacks and data fraud or theft was two of the top five global risks for 2021. And at recent IATA Risk and Insurance Management forum in London, where GoCrisis was a member of the panel of experts, Data Breach was the hot topic too.

Organisations and individuals suffer in many ways when they are affected by a data breach, but the most immediately worrying are the financial repercussions. To limit this potential damage, organisations must act quickly.

There are several aspects to consider:

• Reporting the breach to authorities. A data breach that affects people in different countries have added complexities when it comes to complying with the different regulations. There may also be large regulatory penalties following a data breach. The disciplinary powers introduced in the GDPR (General Data Protection Regulation) has made this potentially the biggest financial cost to an organisation affected by data breach.
• Rapidly setting up the organisation’s response efforts: a website with important updates, legal and IT specialists to assess and mitigate the damage, call centres to provide information and self-help guidelines to safeguard personal information, information regarding the investigation and/or complementary credit checks.
• Investigating the incident, which may include outside forensic expertise
• Reputational impact to the organisation
• Legal repercussions and potential compensations

What happened?

A major University notified GoCrisis of a break-in that occurred in their administration building where thieves stole a number of University owned password protected laptops. There were 96,000 domestic and 12,000 international students affected.

What steps did the University take?

• This incident was immediately reported to Authorities for investigation.
• The university immediately commenced an internal investigation to assess the nature of the data stored on the stolen laptops.
• Following the theft, building and data security was quickly strengthened.
• The University notified all the relevant regulators in the respective jurisdictions
• GoCrisis was activated to provide a toll-free enquiry lines across time zones and different countries, social media and crisis communications support.

How did GoCrisis help

GoCrisis was engaged to assist with the GoCrisis Contact Centre (GoCC) Services to provide individuals with any additional information they would require. They activated their toll-free numbers, deployed their global virtual call centre, social media and email agents and assisted with preparing FAQ’s for agents to use on the different platforms.

Toll-free enquiry lines were set up and numbers published for concerned students and staff to contact the University. GoCrisis represented the University. The GoCC Agents were tasked to assist callers, by providing basic information on what security and precautionary measures to take, reassuring them that potentially critical information like banking details and/or tax information had not been accessed. They also provided guidance on what processes to follow with their local financial institutions or local authorities, should they suspect any suspicious behaviour involving their personal information.

Daily reports with detailed feedback on all activities were provided to the University, including areas of concern and possible escalations.

GoCrisis provided assistance on the University social media platforms, monitoring and addressing any queries posted on the various platforms, utilised by both the University and the students.

The service was concluded successfully after a period of 6 weeks. The client was provided with a close-out report including all voice recordings and Social Media and email interactions for future reference.