You think you've been breached. Do this now
A calm, step-by-step first-hour checklist for containing a data exposure before it spreads.

The first hour matters most. Panic causes mistakes; a checklist prevents them. Here's what to do, in order.
First, contain
- Rotate the exposed credential (API key, password, token) so it stops working — this is usually the fastest way to shut the door.
- Restrict access to the affected system: take it offline or limit it to known IPs if you can.
- Preserve evidence. Don't wipe logs — you'll need them to understand what happened.
Then, assess
- What data was reachable, and for how long?
- Whose data is affected — customers, employees, partners?
- Do the access logs show the data was actually taken, or just exposed?
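
One way to answer the "taken, or just exposed?" question from a web server access log. This is an added example, not part of the original checklist; the log format (combined), the `/exports/` path, the time window, the IP ranges and every sample line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample (combined log format); every path, IP and time is made up.
SAMPLE_LOG = '''\
198.51.100.10 - - [12/Mar/2024:08:00:00 +0000] "GET /exports/customers.csv HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:09:58:01 +0000] "GET /exports/customers.csv HTTP/1.1" 200 48211 "-" "curl/8.4.0"
203.0.113.7 - - [12/Mar/2024:09:58:09 +0000] "GET /exports/orders.csv HTTP/1.1" 200 1020 "-" "curl/8.4.0"
192.0.2.44 - - [12/Mar/2024:10:15:30 +0000] "GET /exports/ HTTP/1.1" 403 153 "-" "scanner"
203.0.113.7 - - [12/Mar/2024:12:30:00 +0000] "GET /exports/customers.csv HTTP/1.1" 401 0 "-" "curl/8.4.0"
203.0.113.9 - - [12/Mar/2024:10:20:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
'''

WINDOW_START = datetime(2024, 3, 12, 7, 0, tzinfo=timezone.utc)  # exposure began (assumed)
WINDOW_END = datetime(2024, 3, 12, 11, 0, tzinfo=timezone.utc)   # credential rotated (assumed)
KNOWN_NETS = ["198.51.100.0/24"]                                 # your own ranges (assumed)

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-)')

def triage(log_text, path_prefix, start, end, known_nets):
    """Split in-window requests for the exposed path into known, not served and unknown reads."""
    nets = [ip_network(n) for n in known_nets]
    out = {"known": 0, "not_served": 0, "unknown_reads": [], "unknown_bytes": 0, "first_unknown": None}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unparsable line: review it by hand rather than guess
        ip, ts, path, status, size = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if not path.startswith(path_prefix) or not start <= when <= end:
            continue  # other paths, or outside the exposure window
        if any(ip_address(ip) in net for net in nets):
            out["known"] += 1
        elif status.startswith("2") and size not in ("-", "0"):
            # A 2xx response with a body to an address you don't recognise.
            out["unknown_reads"].append((ip, path, when.isoformat()))
            out["unknown_bytes"] += int(size)
            out["first_unknown"] = min(filter(None, [out["first_unknown"], when]))
        else:
            out["not_served"] += 1  # request seen, but no body was returned
    out["verdict"] = "read by unknown client" if out["unknown_reads"] else "no unknown reads logged"
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "/exports/", WINDOW_START, WINDOW_END, KNOWN_NETS))
```

Run it against a copy of the preserved logs, not the live files. A "no unknown reads logged" result only covers what these logs recorded.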
Then, meet your obligations
If personal data was exposed, you may have a legal duty to notify regulators and the affected people within a set time (for example, 72 hours under GDPR). This duty is yours as the data holder — get advice early rather than late.
What not to do
Don't quietly delete and hope. Don't blame-storm. And don't assume "no one would bother with us" — automated scanners don't care how small you are.
If you're in this right now, email us with "Urgent" in the subject and we'll help you work the checklist.