After the Cybersecurity Breach

On Tuesday morning our security team detected an unauthorized login attempt pattern consistent with a phishing-based breach. Incident response began within seven minutes.

No customer payment data was exposed. However, approximately 3,200 employee email credentials were compromised and are already being rotated.

The CISO briefed the CEO and board within 24 hours. Regulators in two jurisdictions require notification within 72 hours; legal filed both on time.

Post-incident, we are rolling out mandatory hardware security keys and a refreshed phishing simulation program. Trust is slow to rebuild, but silence would cost us much more.