Foregenix Blog

Benjamin Hosack

Your website may have been hacked - what next?

web security

08/10/16 14:49

You suspect your website may have been hacked and your priority is to get your online business back up and running as soon as possible. With a world-class team of cybersecurity specialists, we can certainly help you to regain control of your website and secure your client data.

BUT, before you jump into fixing mode, here are a couple of critical steps you need to take to ensure you can handle any enquiries from law enforcement agencies, Visa, Mastercard, Amex and others if it turns out that payment card data has been stolen.

Step 1: Take a full backup of your website right now, before any changes are made.

  • Create a compressed backup of the entire web root.
  • Export any database associated with the website e.g. into a .mysqldump format.

Why is this important?
If your website has been hacked and criminals have stolen payment card data, it is likely that there will be an investigation initiated by the card brands and/or law enforcement. If that happens, you need as much evidence as possible to support the investigation and defend your business. Get that backup done ASAP and store it securely in an offline location.

Step 2: Prior to removing any suspect files from your website, ensure you keep a copy in a secure, compressed, offline location.

Why is this important?
These files may be required to support investigations at a later date, so make sure you keep a copy of them.

Step 3: Document all steps taken in relation to any suspected incident.

A written log with a timeline will help considerably in any investigation process.

Step 4: If cardholder data has been potentially stolen, the sooner you notify your processor and acquiring bank, the better.

Your acquiring bank will be able to advise you on the best course of action. They will also be able to advise Visa, Mastercard, Amex and the other brands if payment card data has been stolen. Additionally, if you can notify the card brands before they identify the breach through fraud analysis on the stolen cards, then you will be in a far better position when it comes down to the assessment of responsibilities and liabilities. We would recommend that you make the notification in writing/email so that you have evidence of the notification.
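
One way to carry out Steps 1 to 3 from a shell on the web server, shown as an added example that is not Foregenix's own tooling. The SHA-256 manifest goes beyond what the steps state and is included so a copy can later be shown to be unaltered; GNU tar, sha256sum, MySQL with credentials in ~/.my.cnf, and every path and name used are assumptions.

```shell
#!/bin/sh
# Added example for Steps 1-3. Directory names, the database name and the use of
# MySQL with credentials in ~/.my.cnf are assumptions; adapt them to your host.

# log_step OUTDIR MESSAGE: append a UTC-timestamped entry to the written log (Step 3).
log_step() {
    printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$2" >> "$1/incident-log.txt"
}

# record_hash FILE: store a SHA-256 beside the copy so it can later be shown unaltered.
record_hash() (
    cd "$(dirname "$1")" && sha256sum "$(basename "$1")" >> SHA256SUMS
)

# preserve_path LABEL SRC OUTDIR: compressed copy of the web root (Step 1) or of a
# suspect file before it is removed (Step 2). tar records each file's timestamps
# and permissions. Prints the archive path.
preserve_path() (
    label=$1 src=$2 outdir=$3
    [ -e "$src" ] || { echo "missing: $src" >&2; exit 1; }
    mkdir -p "$outdir" || exit 1
    archive="$outdir/$label-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
    record_hash "$archive" || exit 1
    log_step "$outdir" "preserved $src as $archive"
    printf '%s\n' "$archive"
)

# export_database DBNAME OUTDIR: dump the site database (Step 1).
export_database() (
    db=$1 outdir=$2
    mkdir -p "$outdir" || exit 1
    dump="$outdir/$db-$(date -u +%Y%m%dT%H%M%SZ).sql"
    mysqldump --single-transaction --routines --triggers \
        --result-file="$dump" "$db" || exit 1
    gzip "$dump" && record_hash "$dump.gz" || exit 1
    log_step "$outdir" "exported database $db to $dump.gz"
    printf '%s\n' "$dump.gz"
)

# Typical use, run before any clean-up (paths are placeholders):
#   preserve_path webroot /var/www/html /mnt/evidence
#   export_database shopdb /mnt/evidence
#   preserve_path suspect /var/www/html/suspect-file.php /mnt/evidence
```

Write the output directory to storage outside the web root, then move it offline; `sha256sum -c SHA256SUMS` run inside that directory re-checks every copy.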

Incident Response Planning

Have you developed an Incident Response Plan?  If not, it may be worthwhile taking a look at our free Incident Response Planning Guide for tips on what you should be thinking about for your business.

If you need help:
We have a LOT of experience in managing situations involving the theft of payment card data, so if you're in any doubt about any of the above steps, our team are able to help you.

Thanks once again and keep your online business safe.
