Foregenix Blog

Your website may have been hacked - what next?

Posted by Benjamin Hosack on 08/10/16 14:49

You suspect your website may have been hacked and your priority is to get your online business back up and running as soon as possible.  With a worldclass team of cybersecurity specialists, we can certainly help you to regain control of your website and secure your client data.

BUT, before you jump into fixing mode, here are a couple of critical steps you need to take to ensure you can handle any enquiries from law enforcement agencies, Visa, Mastercard, Amex and others if it turns out that payment card data has been stolen.

Step 1: Take a full back up of your website right now, before any changes are made.

  • Create a compressed backup of the entire web root.
  • Export any database associated with the website e.g. into a .mysqldump format.

Why is this important?
If your website has been hacked and criminals have stolen payment card data, it is likely that there will be an investigation initiated by the card brands and/or law enforcement.  If that happens, you need as much evidence to defend support the investigation and defend your business.  Get that backup done ASAP and store it securely in an offline location.

Step 2: Prior to removing any suspect files from your website, ensure you keep a copy in a secure, compressed, offline location.

Why is this important?
These files may be required to support investigations at a later date, so make sure you keep a copy of them.

Step 3: Document all steps taken in relation to any suspected incident.

A written log with timeline will help considerably in any investigation process.

Step 4: If cardholder data has been potentially stolen, the sooner you notify your processor and acquiring bank, the better.

Your acquiring bank will be able to advise you on the best course of action.  They will also be able to advise Visa, Mastercard, Amex and the other brands if payment card data has been stolen.  Additionally, if you can notify the card brands before they identify the breach through fraud analysis on the stolen cards, then you will be a far better position when it comes down to the assessment of responsibilities and liabilities. We woudl recommend you to do the notification in writing/email so that you have evidence of the notification.

Incident Response Planning

Have you developed an Incident Response Plan?  If not, it may be worthwhile taking a look at our free Incident Response Planning Guide for tips on what you should be thinking about for your business.

Incident Response Planning Guide

If you need help:
We have a LOT of experience in managing situations involving the theft of payment card data, so if you're in any doubt about any of the above steps our team are able to help you.

Thanks once again and keep your online business safe.

Topics: web security