The unintentional, fraudulent outflow of data from an organisation poses a major challenge for the affected companies that goes beyond the immediate handling of the IT security incident. Data leaks in particular are very diverse and complex in their need for handling. They can also lead to immense financial and reputational damage.

Full disclosure and transparency are extremely important

In order to minimise damage, it is extremely important to investigate such cyber attacks immediately and completely and to bring transparency to the incident. Immediate questions that arise include:

What data was leaked in the first place?
Have I lost company secrets, third-party data or personal data?
Am I being blackmailed?
What obligations do I have towards data subjects, third parties and supervisory authorities?
Who do I need to involve internally and what processes need to be put in place?

Immediate questions in the event of data theft

Such an incident often results in further communication and information obligations for companies, which can involve considerable effort and the use of human and structural resources. The sheer volume of data and lack of knowledge about its content also often lead to great uncertainty and present companies with major technical challenges. Using tried-and-tested procedures and the latest technology (e.g. machine learning), the mountains of data can be made manageable.

Based on many years of practical experience, we not only support you in the clarification and complete elimination of the attack, the processing of the data leak and data content and ensure a secure restart of your business processes, but also accompany you in particular in the data protection law processing of the incident.

Ready to talk? Contact us

contact_phone

KPMG Forensic emergency hotline

We are there for you around the clock:

0800 SOS KPMG (0800 767 5764)

Email: de-sos@kpmg.com

Our range of services

KPMG provides you with comprehensive support in investigating a cyber attack:

Detection of the incident
- Containment and investigation of the attack
- Identification of possible data encryption by the attackers
- Identification of the affected IT systems
- Reduction of technical data volumes to minimise the analysis effort (e.g. DeNISTing)
Analysing the outflowed data
- Analysis of the affected systems
- Identification of the leaked data and files
- Evaluation and categorisation of the leaked data with regard to
  - personal data
  - intellectual property
  - Third party data
  - business secrets
- Clarification of challenges and legal reporting obligations arising from such an incident
- Restoring normal operations as quickly as possible
Crisis management
- Processing of the incident
- Development of a suitable action plan
- Ensuring that the incident is adequately communicated to those affected as quickly as possible within the statutory deadlines
- Setting up a hotline and, if necessary, other suitable internal and external communication and information channels
- Setting up and operating such communication and information channels