First responder


When a large private sector client identified a critical data compromise, Deloitte was called in to investigate a suspected breach of a set of databases hosted in the cloud across several countries, containing personal information for over 100,000 staff and clients. The team took swift and concise action to diagnose and contain the breach.


Our cyber incident response (CIR) team mobilised, with initial crisis management staff arriving on-site in a matter of hours and technical specialists flown in from across the country. Once the scope of the breach impact was confirmed, the team immediately worked with the client to take affected systems offline and replace them with placeholder services to contain damage and limit disruption to customer services.

Within 48 hours, the Deloitte team achieved a single coherent view of the total impact to customers and the complete footprint of impacted data. War room workshops involving senior stakeholders led to a set of actions and a clear way forward. Finally, using our Cyber Incident Response and Testing Lab, we were able to complete final breach analysis and investigate any other potential security vulnerabilities for the client, helping them implement sustained solutions for cloud services going forward.

This work was challenging due to the number of stakeholders and teams involved, the public profile of the organisation, and the sensitivity of the data. An important and effective step in our approach was the quick escalation from our CIR team to crisis management, helping to manage senior stakeholders and provide top-down leadership across multiple teams.

Anu Nayar | Partner | Deloitte Digital


Working over a weekend, the business was able to resume running their critical cloud hosted customer services within three days. And within two weeks, Deloitte had supported the organisation to design and deploy new, secure cloud platforms and implement enterprise-wide improvements.

Get in touch with our experts

Our work