After receiving an unexpected phone call, a restaurant group learned it was experiencing an ongoing cyber attack. But it wasn’t a threat actor on the other end of the line—it was the Federal Bureau of Investigation.

The FBI notified the business that data from four of its servers had been compromised: three corporate servers and one restaurant server containing customer credit card information. Considering it processes more than $8 million in credit card transactions annually, the restaurant group immediately notified Coalition in hopes of minimizing the damage and exposure.

Within 48 hours, incident responders utilized script collectors to identify how the threat actor was accessing the servers and what data was impacted. Coalition’s breach response partner ejected the threat actor and reclaimed control of the network. Unfortunately, even with quick action, the breach compromised customers’ credit card data.

Our investigation determined the incident began with a simple phishing email. Once the threat actor entered the network, they elevated their own credentials to access other accounts. With unfettered access, the threat actor was able to compromise credit card data for more than 13,000 individuals. The data breach eventually resulted in a classaction lawsuit, but one key coverage reduced the business’ cost to a fraction of the overall amount. Breach Response covered the costs of notifying customers about the data breach, as well as costs related to litigations, depositions, and negotiations during the lawsuit. In the end, the restaurant group only paid $21,000 out of pocket, while its policy covered the rest of the $3 million claim.