Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
I prefer to be contacted by:
View our privacy policy
Book a penetration test today. Get in touch.

Overview

Remote and on-site support when you need it

Whether you need help in the event of a data breach or long-term support to enhance your organisation’s identity theft and breach notification approach, our experts are on hand 24/7 to provide assistance across the incident lifecycle.

Services

Breach notification services

  • Data breach notification
  • Call centre services
  • Identify theft restoration and consultation
  • Credit and identity monitoring

Features

Breach notification service features

24/7 support and assistance
Should the worst happen, our experienced global team of identity theft and breach notification experts are available to provide remote and on-site support around-the-clock.
Specialist reporting and remediation support
With more than 20 years of breach notification experience gained through handling the largest and most complex notification requirements in the world, we’ll ensure that your response is managed and communicated in a way that complies with regulatory expectations and protects your reputation.
Expert data breach notices
Our breach notification and identity theft specialists understand that different sectors, especially highly regulated ones, have distinct obligations and varied levels of risk. We’ll help you and your counsel to draft data timely, cost-effective, and appropriate messaging.
Comprehensive brand protection
Your organisation can rely on Kroll to preserve your brand integrity. We’ll ensure that the individuals impacted by your breach are left feeling confident and protected - knowing that our licensed identity theft investigators will be there to help them handle situations quickly and effectively.

FAQ

Breach notification FAQ

What is a data breach?

A data breach is the exposure of confidential, protected or sensitive information to an unauthorised party which leads to the files being viewed or shared without permission. Organisations subject to a data breach must inform the relevant authorities in their country within a certain time period and take other required steps, such as informing the individuals affected if the breach presents a significant risk to them.

What do I need to do if my organisation suffers a personal data breach?

Following the introduction of the General Data Protection Regulation (GDPR), the need to detect, respond to and report data breaches is now greater than ever for all organisations that process any form of personal information. Organisations that fail to demonstrate appropriate controls and/or fail to report a data security breach to a relevant authority within 72 hours risk significant financial penalties.

How do I report a data breach?

In the UK, if your business is affected by a data breach, it must be reported to the Information Commissioner’s Office within 72 hours of discovery through a breach notification letter. The information you provide should include a description of the breach, the type and quantity of data compromised, an outline of the likely consequences of the breach, and how you intend to address it. If the impact of a breach represents a high risk to the rights and freedoms of individuals, you should also directly notify those people.

What is a data breach notification letter?

A data breach notification letter is the method through which organisations comply with their legal obligation to inform the Data Protection Authorities (DPAs) or individuals for their country. Because your notification letter is your primary communication with stakeholders regarding your data security incident, it plays a key role in controlling your message and managing breach population fears.

What should a data breach notification letter include?

Breach notification letters should include a brief description of what your organisation is doing to investigate the breach and how it aims to take action to minimise the impact on individuals and to prevent any further breaches. Kroll experts will work with your team to implement a personalised, plain-language notification letter that provides pertinent information and maintains message control.

What steps should I take to defend my organisation against a data breach?

In Kroll’s 2021 Data Breach Outlook report, 43% of the organisations interviewed still felt they were not ready to notify in the event of a breach. Given the significant growth in data breaches, we strongly recommend that organisations take proactive steps to prepare for a notifiable data breach incident. Our five key recommendations for better preparing for a breach event are:

• Negotiate and retain key vendors to assist during incident response
• Conduct tabletop exercises with leadership and incident response specialists
• Provide education, training and technical support to employees
• Understand where data resides in your organisation
• Don’t rely on encryption as your only method of defence

How do breach notification services support the fulfilment of regulatory requirements?

In today’s global economy, where data can cross many jurisdictions, your organisation may be required to comply with a patchwork of stringent notification regulations. This can make acting in the event of a data breach even more complex. Our data breach notification solutions enable companies under pressure to deal with data issues across different areas, with call centres staffed by multilingual representatives. As data privacy regulations evolve, we track them closely, developing capabilities to fulfil the needs of organisations in various jurisdictions.

Get immediate incident response assistance

Get in touch

Breach Notification Support

Simplifying the complex demands of breach notification

Our proven expertise and unrivalled resources enable us to ensure that your data breach response is managed in a way that complies with regulatory expectations and protects your reputation. Kroll has delivered notification and call centre services to hundreds of millions of people worldwide, and our team routinely handles the most pressing emergencies with speed and efficacy.

Diagram of computer with people

Breach notification retainers

Flexible breach notification retainers

To help your organisation respond faster and more effectively to data breach incidents, Kroll’s breach notification retainer provides elite digital forensics and incident response capabilities on-demand. Our client-friendly notification retainers offer value for money and maximum flexibility and include a range of services, such as sending data breach notification letters, rapid data cleansing and identity theft restoration and consultation to support victims.

About us

Why choose Kroll?

  • Flexible, on-demand services
  • Recognised by CREST and the PCI Council
  • A global team of breach notification specialists
  • 3,200 security incidents responded to every year

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left
I prefer to be contacted by:
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
15th August 2022
Ransomware data theft increase helping to drive BEC attacks
A sharp rise in corporate data stolen by ransomware groups is helping to fuel business email compromise (BEC) attacks, according to new research.  
8th August 2022
One in three organisations experience weekly ransomware attacks
A new report has revealed that one in three organisations in the UK and the US are affected by a ransomware attack at least once a week, with almost 10% experiencing them more than once a day.  
1st August 2022
Data breach costs reach record levels
A new report has revealed that the average cost of a data breach around the world is now $4.35m. As an increase of almost 13% compared with 2020, this creates a new record.  
25th July 2022
Enterprises failing to plan for supply chain threats
A new report highlights that enterprises are failing to plan effectively for supply chain risks and cyber security threats.