Question: What is the first thing you should do AFTER you realize your website's security was compromised?
Scan Your Servers
"After you realize there was a breach, determine what kind of attack it was. This will allow you to determine appropriate next steps. Hackers can do things like steal your data or compromise your site with trojan horses, back doors, and/or altered content. Look for any signs that things have changed and scan your logs for any odd activity. This will dictate how you react and prevent a future attack."
"Above all, don't panic. Address the breach Immediately. Fix it and put measures in place that will prevent it from happening again. Then, you need to communicate the facts: What happened? What you're doing about the breach (i.e. we fixed the problem)? What are you're doing for those affected?"
Shut Down the Site
"The first thing you need to do is shut the site down for assessment and repair. Yes, you’ll lose some business -- but it’s less than you’d lose if you infected every visitor with malware. Once you’ve done that, call in your support team, and pull together any information they’ll need."
Communicate With Your Customers
"Let your customers know about it and that, to protect them, you are denying access to features X and Y while you investigate, but that access to Z is safe and available. The first thing your customers need to know is that you care enough to stop (potentially) hurting them. That will galvanize your relationship and buy you a window of goodwill to investigate and remedy the problem."
Check Whether Credit Card or Other Sensitive Data Was Stolen
"Depending on your industry, a security breach could be a big problem to your customer or a small one. If you are in the financial industry, a security breach could mean bank account numbers could be stolen. If you work in the education industry, lost data can include grade history or behavior reports. The key is to inform your customers immediately and close any related accounts."
Do a Quick Fix, Then Assess the Damage
"Do whatever it takes (within reason) to plug up the area that's been compromised. Then assess the damage to determine the next step. Was customer data stolen? Did it affect any revenue? What communications need to go out and to whom?"