A simple crisis meeting agenda to help leaders and companies quickly address an issue, mitigate damages and move forward with a solution.
Crisis Meeting Agenda
**Date:** August 22, 2025
**Time:** 12:30 PM
**Location/Platform:** Google Meet
**Attendees:** CEO, CTO, Head of Security, PR Executive, Legal Counsel, Operations Manager, HR Lead
---
### **Introduction and Purpose** (5 mins)
- **Goal:** Address the recent data breach at GazeBook Inc. and develop a cohesive plan to contain the damage, mitigate further risks, and recover.
- **Word from the CEO:** Acknowledge the gravity of the crisis and emphasize the importance of collaboration and diligence in managing the problem.
---
### **Crisis Summary** (10 mins)
- **Incident Overview:**
- A data breach occurred on October 22, 2023, at 2:00 PM, compromising the personal data of approximately 450,100 users, including user IDs, emails, passwords, and payment information.
- The breach was discovered by Richard Simmons of the IT security team during an audit.
- The attacker(s) exploited a vulnerability in the company’s payment and retargeting systems, which we have since identified and patched.
- **Current Status:**
- The vulnerability has been handled, and all unauthorized access has been blocked.
- We are running an investigation to ensure all bases are covered.
---
### **Impact Assessment** (10 mins)
- **Operations:**
- Delayed orders and services due to the payment gateway disruption.
- External client services are the most affected.
- **Customers:**
- Potential backlash or churn over compromised data.
- Large volume of inquiries to the support team.
- **Employees:**
- Concerns about their own data and job security.
- **Reputation:**
- Our Twitter handle has been receiving a lot of negative feedback questioning our ability to safeguard proprietary data.
- Print and digital media have picked up the story.
- **Financials:**
- Projected loss of $3.5 million from service disruption and user churn.
---
### **Crisis Response Actions** (15 mins)
- **Actions Taken:**
- Vulnerability identified and patched.
- Breached data sets and systems were isolated.
- For all compromised accounts, two-factor authentication has been enabled and passwords changed.
- A third-party team is assisting in determining the breach’s origin and scope.
- **External Communications:**
- Preliminary email has been sent to affected users, directing them to safeguard their account.
- Social posts assuring users that the issue has been handled.
- **Effectiveness:**
- Containment was successful, but the lack of detailed updates is a cause of concern for users.
- **Gaps:**
- Concerns about providing prompt communication to affected users.
---
### **Risk and Escalation Management** (10 mins)
- **Key Risks:**
- If the media narrative escalates, it could damage our reputation.
- Legal action and fines are possible.
- Risk of secondary attacks in case of password reuse.
- **Escalation Points:**
- GDPR fines could be significant, so monitor diligently.
- Escalate if partners or institutional clients disengage.
- **Risk Management Protocols:**
- Legal and compliance are interfacing with regulatory bodies.
- Insurance vendors have been notified.
---
### **Action Plan Development** (15 mins)
- **Immediate Actions:**
- Conduct a thorough forensic investigation and obtain expert opinion.
- Issue a detailed, transparent report to customers along with a mitigation plan.
- Offer free monitoring service for affected users.
- **Responsible Parties:**
- CISO will oversee investigation along with CTO and external experts.
- PR Manager & Marketing Head will work on media inquiries.
- Potential regulatory issues and liability report will be presented by the legal counsel.
- **Timelines:**
- Complete forensic investigation report to be ready in 72 hours.
- Communication to users will be done in 48 hours.
- Third-party security experts will be hired within 4 working days.
- **Resource Allocation:**
- Provide extra support to staff handling customer inquiries.
- Improve cybersecurity resources for regular monitoring.
---
### **Communication Strategy** (15 mins)
- **Internal Communication:**
- Employees will be informed about the crisis and our response during the all-hands meeting in the evening.
- Emotional support and resources for employees on data protection will be provided by the HR department.
- **External Communication:**
- The nature of the breach and mitigation steps will be shared at the end of the day via press release.
- PR Manager Sarah Tiana will handle all interviews with media and influencers.
- Social media department will work three 8-hour shifts on rotation to answer user queries.
- **Consistency:**
- Ensure alignment with company values like transparency and responsibility on all official communication channels, including social media.
---
### **Next Steps and Follow-up** (4 mins)
**Next Meeting:**
- Another meeting will be held on November 11 to track progress on the investigation, and a post-mortem report will be furnished by the cybersecurity team.
**Follow-up:**
- We will diligently track all the tasks and assigned stakeholders and regularly update the leadership.
- Any changes to the plan will need permission from the leadership team and the security officer.
---
### **Conclusion** (5 mins)
**Decisions Made:**
- Crisis is contained but further investigations are still happening.
- Robust communication strategy with users and media will be implemented.
- Expand support for affected users.
- Create a special team to support institutional users from the Fortune 500 list.
**Thoughts from the CEO:** Duly acknowledge the team’s swift response and emphasize the need for a collaborative approach for managing the crisis.
---
### Key Contacts
- **CEO:** Bill Smith
- **CTO:** Mary Joe
- **CISO:** Benjamin Lee
- **PR Manager:** Sarah Tianna
- **Legal Counsel:** Ben Thompson