Foregenix Blog

Benjamin Hosack

Your website may have been hacked - what next?

web security

,08/10/16 14:49

You suspect your website may have been hacked and your priority is to get your online business back up and running as soon as possible.  With a worldclass team of cybersecurity specialists, we can certainly help you to regain control of your website and secure your client data.

BUT, before you jump into fixing mode, here are a couple of critical steps you need to take to ensure you can handle any enquiries from law enforcement agencies, Visa, Mastercard, Amex and others if it turns out that payment card data has been stolen.

Step 1: Take a full back up of your website right now, before any changes are made.

  • Create a compressed backup of the entire web root.
  • Export any database associated with the website e.g. into a .mysqldump format.

Why is this important?
If your website has been hacked and criminals have stolen payment card data, it is likely that there will be an investigation initiated by the card brands and/or law enforcement.  If that happens, you need as much evidence to defend support the investigation and defend your business.  Get that backup done ASAP and store it securely in an offline location.

Step 2: Prior to removing any suspect files from your website, ensure you keep a copy in a secure, compressed, offline location.

Why is this important?
These files may be required to support investigations at a later date, so make sure you keep a copy of them.

Step 3: Document all steps taken in relation to any suspected incident.

A written log with timeline will help considerably in any investigation process.

Step 4: If cardholder data has been potentially stolen, the sooner you notify your processor and acquiring bank, the better.

Your acquiring bank will be able to advise you on the best course of action.  They will also be able to advise Visa, Mastercard, Amex and the other brands if payment card data has been stolen.  Additionally, if you can notify the card brands before they identify the breach through fraud analysis on the stolen cards, then you will be a far better position when it comes down to the assessment of responsibilities and liabilities. We woudl recommend you to do the notification in writing/email so that you have evidence of the notification.

Incident Response Planning

Have you developed an Incident Response Plan?  If not, it may be worthwhile taking a look at our free Incident Response Planning Guide for tips on what you should be thinking about for your business.

Incident Response Planning Guide

If you need help:
We have a LOT of experience in managing situations involving the theft of payment card data, so if you're in any doubt about any of the above steps our team are able to help you.

Thanks once again and keep your online business safe.

Tags: web security


Kirsty Trainer
"Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More
Duncan Slater
Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle ...

Read More

Cyber Security Insights

Jake Dennys
17/01/18 09:23

Cryptocurrency Malware Affects 55% Of Businesses Worldwide.

Earlier this month we discussed mining malware and how crypto’s popularity might have an effect on it’s usage. Well, a report from Check Point has ...

Read More

Andrew McKenna
12/01/18 10:14

Your Encryption Checklist

Based on real and potential weaknesses identified in existing security protocols as well as industry guidance on algorithms, the following are some ...

Read More

Zacharias Pigadas
09/01/18 09:11

Supply Chain Attacks: A Closer Look

We, as Foregenix and as a security community, have seen our fair amount of breaches publicised the last year or so. Many of them are your ...

Read More

Jake Dennys
24/11/17 15:17

Black Friday Sees Website Traffic Increase by 200%

Black Friday is upon us and as I’m sure you know, it comes hand in hand with lucrative tech discounts from across the industry. For businesses ...

Read More

Richard Jones
17/11/17 09:39

Successfully implementing GDPR: Compliance and Awareness

The General Data Protection Requirement (GDPR) is essentially about privacy. It relies on cyber security controls to ensure that legitimately used ...

Read More