It began with a phone call that seemed legitimate.
In fact, someone claiming to represent the police called about an ongoing investigation involving company management. They sounded confident. And had names. They even convinced the local police to confirm the story.
Within hours, an employee, acting in good faith, had shared multiple client databases containing sensitive personal data.
Indeed, the company had just been acquired and was relying on legacy systems awaiting migration. Evidently, the attackers exploited the uncertainty of change, and human trust.
A perfect social engineering trap
Unlike technical hacks, this wasn’t about malware or code.
Clearly, it was about psychology. In fact, the attackers used authority and urgency to convince a senior staff member to bypass internal procedures.
When the breach was discovered, intense stress spread among the management when they were informed of the situation, especially given the sensitivity of the leaked data and the company’s international operations. Despite of this stress, and what could have caused the onset of panic and chaos, the Management did the right thing: they called in the specialists for help. It was early on a Saturday morning.
Our immediate response
Approach Cyber’s Digital Forensics and Incident Response team (DFIR) and Privacy experts mobilised within hours, working through the weekend to contain the situation and manage the technical and legal response.
Our intervention included:
- Incident containment
- Full incident assessment and documentation
- Mandatory notifications to two Data Protection Authorities (France & Switzerland)
- Crisis communication support, in collaboration with a specialized PR agency
- Internal: messages for employees and colleagues of the staff member.
- External: Communication to impacted data subjects (email, website messages, set up of a call center), to the company clients and stakeholders.
- Liaison with the police to file a complaint, clarify the fraudulent nature of the calls and support the investigation of their services.
HR and legal review of the employees’ actions to ensure fairness and compliance. Throughout the process, we maintained constant communication with the client’s CEO and Board President to keep leadership informed and in control.
The outcome
Thanks to rapid coordination:
- The incident was fully contained within regulatory timelines
- All legal notifications were completed correctly
- Communication remained transparent and controlled
- No regulatory fines were imposed
- The company implemented lasting process and awareness improvements
“It looked so real, even the police confirmed it. Approach Cyber guided us through the trouble time with speed, precision and care.”
Lesson: Humans are the new attack surface
In conclusion, even the best cyber security tools can’t protect against social manipulation.
Hence, the only defence is to stay aware, follow strong processes, and stay ready, backed by a team that steps in the moment trust is exploited.
👉 Read more real-life incident responses and how we help organizations recover on our Incident Response page.
True story, anonymised. The details of the journey are factual; we have protected the client’s identity for security and confidentiality.
