Gold Standards of Incident Management
Acme Corporation, a mid-sized financial services company, experienced a security incident when an employee's laptop containing sensitive customer data was stolen from their car. The incident was discovered when the employee reported the theft to their manager, who immediately notified the IT Service Desk.
Following their established Incident Response Policy and Procedure, the IT Service Desk documented the report and notified the Incident Response Team. The team quickly assessed the incident and determined that it posed a high risk to the confidentiality of customer data, as the laptop was not encrypted and contained names, addresses, and Social Security numbers of several thousand customers.
The Incident Response Team, in coordination with Legal and Executive Management, decided to proactively notify affected customers of the breach, even though there was no evidence that the data had been accessed or misused. They drafted a notification letter explaining the incident, the steps taken to investigate and mitigate the risk, and the free credit monitoring services being offered to affected customers.
The notification letters were mailed to affected customers within one week of the incident being discovered, and a dedicated call center was established to handle customer inquiries and concerns. The Incident Response Team also worked with IT to remotely wipe the stolen laptop and implement full-disk encryption on all company devices to prevent future incidents.
After the incident was resolved, the Incident Response Team conducted a post-incident review and identified several areas for improvement, including the need for regular security awareness training for employees on the risks of storing sensitive data on portable devices and the importance of immediately reporting lost or stolen equipment. These recommendations were implemented, and the Incident Response Policy and Procedure was updated to reflect the lessons learned.
By having a well-defined Incident Response Policy and Procedure and a clear process for breach notification, Acme Corporation was able to quickly and effectively respond to the incident, minimize the potential harm to affected customers, and demonstrate its commitment to security and transparency. This approach not only helped the company maintain customer trust, but also positioned it well for future SOC 2 audits by demonstrating a robust and compliant incident management program.