What law enforcement to contact if an intrusion is discovered?

Incident response
Information risk management
Security management
New regulations concerning unauthorized access to sensitive customer information talks about contacting law enforcement, if applicable. While hoping it is a plan that I never need, in an intrusion responce plan, where sensistive customer information may have been accessed and you are required to notify some customers of this fact; 1)Would you contact law enforcement? if so 2)What law enforcement agencies would you contact? Local, FBI, Secret Service? I'm in a $1.5B bank.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Legal obligations to report. Determine scope of problem – is the exposure local, contact city/county police. Is there applicable state law, then they also have to notified. Does the the exposure include other locales in the state, then notify state level authorities anyway. Are any of the customers exposed in other states, then it is a federal matter by the ICC (Interstate Commerce Clause). And the newer regulations GLB and HIPAA require their involvement. If you suspect foreign involvement in the breach of security, then the FBI is at the top of your list. Good luck, and may none of us have to walk this decision path.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Anannymouse
    This is a question best answered by your legal depatment. Depending on where you are and what legislation is involved could change the list of contacts that are required to be notified. The best general advise I can give is to contact the police services in at least your first two levels of government (county and state, municipal and provincial). From there they should be able to provide you with the appropriate departments/agencies to contact and the contact numbers. Remember, allways contact these people/agencies prior to an incident. They will be able to provide infomation regarding what they will need to know and what you should do (or more importantly not do) in the case of an incident. It will also give you the opportunity to develop a relationship and mutual respect with contacts in the agencies so you may get better treatment when the incident occurs.
    0 pointsBadges:
  • Mirkonin
    I would contact your local Infragard chapter. Infragard is an orgization that is run by the FBI which helps business with just these types of issues. They typically have bi-monthly meetings.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: