How should Forbes respond to a discovered data breach affecting subscribers?

When a data breach is discovered, the priority is to protect subscribers and minimize harm by following a structured incident response. Activate the incident response plan right away to mobilize the right people and resources. First contain the breach to stop any ongoing access, then determine who is affected and what data was exposed, and notify those affected in line with applicable laws and contractual obligations. Communicate openly about what happened, what steps are being taken, and what subscribers should do, as transparency helps maintain trust and meets regulatory expectations. After containment and notification, review security controls to address weaknesses, implement improvements, and strengthen defenses to prevent a recurrence. This approach follows established incident response practices and shows responsible, proactive handling of the breach. Delaying notification, publicly blaming vendors, or hiding the breach undermine trust, can worsen legal and reputational consequences, and fail to meet ethical and legal responsibilities.