C12 · Advanced

Data Breach Response Drill

45 min · Every six months

Format: Simulate a data breach and walk through the response process end to end, with one person keeping a timestamped timeline of every decision.

Scenario: You receive an email notification that your database has been accessed without authorization. You need to:

  1. Immediately (first 15 minutes):

    • Make a first estimate of the scope (which tables or data? roughly how many users?) and refine it later; do not wait for certainty before acting
    • Contain: close the entry point (revoke the leaked credential, block the source address, take the exposed endpoint offline), but snapshot the affected host and copy its logs first so containment does not destroy evidence
    • Notify the team and open a dedicated incident channel
  2. Short-term (first 24 hours):

    • Rotate every credential, API key, signing secret and session token the attacker could have read, and invalidate active sessions; rotate the compromised database account first
    • Analyze the preserved logs to reconstruct the attack path: first entry, what was read or changed, and whether persistence (new accounts, cron jobs, webhooks) was added
    • Notify the supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33) and affected users without undue delay if the breach is likely to put them at high risk (GDPR Art. 34); other jurisdictions and contracts set their own deadlines
  3. Medium-term (first week):

    • Write an incident report: timeline, root cause, data affected, detection time, actions taken, what to change
    • Fix the root cause, not only the symptom
    • Review the rest of the system for the same class of vulnerability

Exercise: Using one of your projects, assume the database has been breached:

  • What damage would the leaked data cause to users and to you (credential reuse, fraud, regulatory exposure)?
  • How quickly could you detect the breach, and from which log line or alert? Which events are not logged at all?
  • Do you have backups? Could the same access have read, altered or deleted the backups too?
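The following script is an added example for this drill, not part of the original page or of any project it refers to. It shows how the "analyze logs to determine the attack path" step and the "how quickly could you detect the breach?" question can be answered concretely: it parses a constructed PostgreSQL-style connection and statement log, runs three simple detection rules over it, reports which tables the attacker's sessions touched (the "what data?" half of scoping), and measures how many seconds pass between the attacker's first logged activity and the first alert. The log lines, IP ranges, table names and thresholds are assumptions chosen for illustration; run it against your own project's log format, and turn rules off to see how much detection latency each one buys you.

```python
"""Breach drill: triage constructed database logs for scope and detection latency.

Added example, not the original page's or any project's code. Log format,
trusted networks, table names and thresholds are illustrative assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, not real data. Lines follow the shape PostgreSQL emits
# with log_line_prefix = '%m %u@%h [%p] ' and log_connections/log_statement on
# (an assumed configuration). 203.0.113.77 plays the attacker.
SAMPLE_LOG = """\
2024-03-10 02:11:03 app@10.0.1.20 [4411] LOG:  connection authorized: user=app database=shop
2024-03-10 02:14:51 admin@203.0.113.77 [4450] FATAL:  password authentication failed for user "admin"
2024-03-10 02:14:53 admin@203.0.113.77 [4451] FATAL:  password authentication failed for user "admin"
2024-03-10 02:14:55 admin@203.0.113.77 [4452] FATAL:  password authentication failed for user "admin"
2024-03-10 02:15:02 admin@203.0.113.77 [4453] LOG:  connection authorized: user=admin database=shop
2024-03-10 02:15:40 admin@203.0.113.77 [4453] LOG:  statement: SELECT email, password_hash FROM users
2024-03-10 02:16:10 admin@203.0.113.77 [4453] LOG:  statement: COPY orders TO STDOUT
2024-03-10 02:17:00 admin@203.0.113.77 [4453] LOG:  disconnection: session time: 0:01:58.000
2024-03-10 09:00:12 app@10.0.1.21 [5001] LOG:  connection authorized: user=app database=shop
"""

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed app-server range
FAILED_LOGIN_THRESHOLD = 3                            # assumed brute-force cutoff
ALL_RULES = frozenset({"brute_force", "untrusted_source", "bulk_export"})

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<user>\S+)@(?P<host>\S+) "
    r"\[(?P<pid>\d+)\] (?P<level>\w+):\s+(?P<msg>.*)$"
)
TABLE_RE = re.compile(r"\b(?:FROM|COPY|UPDATE|INTO)\s+([A-Za-z_][\w.]*)", re.I)
BULK_RE = re.compile(r"\bCOPY\b.*\bTO\s+STDOUT\b", re.I)


def parse_log(text):
    """Parse prefixed log lines into dicts; unprefixed continuation lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events


def is_trusted(host):
    """True when host is an IP inside TRUSTED_NETS; hostnames count as untrusted."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_intrusions(events, rules=ALL_RULES):
    """Run the enabled rules over events in log order; return findings.

    brute_force      - FAILED_LOGIN_THRESHOLD or more failures from a host, then success
    untrusted_source - an authorized connection from outside TRUSTED_NETS
    bulk_export      - a COPY ... TO STDOUT statement (pg_dump-style extraction)
    """
    findings, failures = [], defaultdict(int)

    def flag(rule, ev, detail):
        findings.append({"rule": rule, "ts": ev["ts"], "host": ev["host"],
                         "pid": ev["pid"], "detail": detail})

    for ev in events:
        msg = ev["msg"]
        if "password authentication failed" in msg:
            failures[ev["host"]] += 1
        elif msg.startswith("connection authorized"):
            if "brute_force" in rules and failures[ev["host"]] >= FAILED_LOGIN_THRESHOLD:
                flag("brute_force", ev, f"{failures[ev['host']]} failures then success")
            failures[ev["host"]] = 0
            if "untrusted_source" in rules and not is_trusted(ev["host"]):
                flag("untrusted_source", ev, msg)
        elif msg.startswith("statement:") and "bulk_export" in rules and BULK_RE.search(msg):
            flag("bulk_export", ev, msg)
    return findings


def attacker_scope(events, findings):
    """Tables referenced by statements in sessions (pids) opened from flagged hosts.

    This answers 'what data?'; row counts need the application's own audit
    trail, which these log lines do not carry.
    """
    hosts = {f["host"] for f in findings}
    pids = {ev["pid"] for ev in events
            if ev["host"] in hosts and ev["msg"].startswith("connection authorized")}
    tables = set()
    for ev in events:
        if ev["pid"] in pids and ev["msg"].startswith("statement:"):
            tables.update(t.lower() for t in TABLE_RE.findall(ev["msg"]))
    return sorted(tables)


def detection_latency(events, findings):
    """Seconds from the attacker's first logged activity to the first alert.

    None means no rule fired: the breach is found only when someone emails you.
    """
    if not findings:
        return None
    hosts = {f["host"] for f in findings}
    first_seen = min(ev["ts"] for ev in events if ev["host"] in hosts)
    first_alert = min(f["ts"] for f in findings)
    return (first_alert - first_seen).total_seconds()


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = find_intrusions(evs)
    for f in found:
        print(f"{f['ts']} {f['rule']:16} {f['host']} {f['detail']}")
    print("tables touched:", attacker_scope(evs, found))
    print("seconds to first alert, all rules:", detection_latency(evs, found))
    print("seconds to first alert, bulk_export only:",
          detection_latency(evs, find_intrusions(evs, {"bulk_export"})))
```

With all three rules the sample breach is flagged 11 seconds after the first failed login; with only the bulk-export rule it takes 79 seconds and the `SELECT ... FROM users` read is already gone. The point of the drill is that second number: replace the sample with a day of your own logs and find out which rule, if any, would have fired, and whether the statement log exists at all.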
