Forensic Control

I think my data has been stolen, what should I do?

If you have suffered a data breach and data has been stolen, this guide will help you understand the next steps and how to investigate what happened.




Over the 15 years we have been providing Computer Forensics services in London we have done so with the aim of unravelling the complexities of cyber security for our clients. Often we work with clients who are looking to prevent an incident, but unfortunately we also find that a lot of our work starts following a data theft, breach or cyber attack. So if you think your data has been stolen, what should you do?

When you’re hit by a data breach, it’s completely natural to be engulfed by a wave of panic. There are a lot of emotions involved and it is often difficult to understand what has happened and to what extent will an incident effect your business. However, there is help available and the important part is not facing an incident alone. 

Here is a guide to what steps you can take should you find you have suffered a data breach.

What is a Data breach?

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorised to do so. In simple terms someone has accessed your business files, contact records etc and intend to remove them from you or use them for other purposes than intended.

The most common situation we see is an employee leaving a company and taking a client list with them. If this is not their personal data it may be viewed as breaking their contract and GDPR guidelines. 

This can be done in the following ways:

  • Saving client data to a USB stick
  • Emailing data to a personal email address
  • Printing out information
  • Accessing an application, website or file via a cyber attack which found a vulnerability
  • Taking pictures of what is on a screen with a mobile phone

Computer Forensics: Deciphering Digital Clues

Computer forensics, also known as digital forensics, involves highly trained experts who retrieve evidential data such as search histories, user records, and activity logs from devices including computers, tablets, and smartphones. The meticulous analysis of this data can often unveil substantial insights, playing a crucial role in identifying potential misconduct, uncovering hidden patterns of behaviour, and providing concrete evidence of fraudulent activities or a cyber attack.

A stringent process encompassing data collection, device imaging, recovery of deleted data, data identification, data analysis, and comprehensive reporting takes place. Investigators will use techniques to extract chat logs, email chains and reveal how and when data has been transferred, stolen or lost. 

Steps to take after a Data Breach

First and foremost, it’s imperative to seek professional assistance. 

At Forensic Control we adhere to the guidelines set by the Association of Chief Police Officers’ Good Practice Guide for Digital Evidence to ensure the process is executed to a meticulous standard for legal admissibility. When selecting a Computer or Digital investigator you should ensure they are experienced in handling, recording and reporting to a standard required by UK law, incase you need to take the matter to court. 

Next, the investigation should follow some well defined stages and next steps. 

A comprehensive process of a computer forensics examination is divided into six stages: 

  1. Readiness – Defines how a company will respond, what evidence is needed and how will it be retrieved. Often companies aren’t ready for the inevitable breach, so start at stage 2.
  2. Evaluation – Evaluate what has been stolen, the impact on the business and what are the risks
  3. Collection – Ensure the data, equipment and evidence is secured and collected by the investigators
  4. Analysis – Using tools and investigative techniques to analyse what has happened
  5. Presentation – Presenting the findings and evidence, clearly for future evidence
  6. Review – Has the investigation covered what happened, how and why? Do you have all the information you need from the investigation. How can this be prevented in the future?

Each of these stages holds critical importance to ensure the evidence collected is reliable and can be utilised in any subsequent legal proceedings. If it is an employee or past employee that has caused the incident, please refer to an HR specialist to guide you on contract and employment rights while an investigation is being carried out.

The data collection stage is particularly vital. Swiftly gathering data helps prevent any potential tampering or destruction. Collection of data can be done on-site or collected remotely from various cloud services.

The key is not to panic! Let the experts take control and do what they need to investigate the incident and more importantly assess the situation and risks. There are a number of guides and processes you can share with your team too so that collectively your business stays aware of any risks to a potential data breach.

More often than not, a data breach is caused by employees who leave a company and take client data with them to their next job. This can be seen as a naughty ‘no, no’ but it is theft and should be treated as such in the workplace. Usually this can be settled out of court, however should your company face large damages due to stolen data or other data breaches it is very important to follow the above steps.

How we help

At Forensic Control, we fully comprehend that a data breach can be a source of immense stress. That’s why we’re committed to providing an efficient, seamless, and stress-free process. We handle digital forensic cases with the utmost discretion and care, aiding business owners in regaining control and peace of mind in the aftermath of an incident.

Once our thorough investigation is complete, we submit a comprehensive, easy-to-understand report outlining our findings. We’ll elucidate how our findings can support a claim and assist in deciding the most effective course of action.

Remember, in the ever-evolving world of cyber security, it’s not just about prevention but also about possessing the knowledge to respond effectively when things take an unexpected turn.

We provide a blend of preventive measures and reactive services, designed to ensure you are protected against threats and that you’re well-prepared to handle any incidents that may unexpectedly surface.

If you are concerned about a possible threat to your business data please feel free to contact us to discuss how you can prevent an incident, but also about putting in place an incident response procedure should the worse happen. 

Related content

As computer forensics experts we are bound to abide by the ACPO Principles of Digital Based Evidence, ACPO being the Association of Chief Police Officers. ACPO provides a set of Guidelines for Computer Based Evidence, and they come with a suite of four essential principles. Here they are.
Computer forensics, sometimes known as digital forensics, is undertaken by trained examiners who pull data (search histories, purchase records, time logs and more) from devices including, but not limited to: computers, tablets, and smartphones.


Sign up here if you wish to receive updates and news from Forensic Control by email. We will not send you anything else and you may end the subscription at any time.

By providing your email address, you agree to receive marketing
messages as per our Privacy Policy