Data breaches from 2020 and 2021 seem like old news, right? Well, that would be true if it weren’t for the fact that there's fresh blood in the water. At the end of 2024 and the start of 2025, two organizations saw lawsuits ripping open old wounds. At the end of 2024, the Indiana Attorney General filed a lawsuit against Westend Dental over its disastrous handling of a ransomware attack that occurred in 2020. Then on January 6, the Washington State Attorney General, Bob Ferguson, filed a lawsuit against wireless carrier T-Mobile over a 2021 data breach.
These new wounds are the result of how the breach was handled. You see, when a cyberattack hits, the initial damage is only the beginning. The fallout can be exponentially worse if a business fails to respond effectively and communicate clearly. T-Mobile’s massive data breach and Westend Dental’s initial denial of a ransomware attack painfully demonstrate how poorly managed incidents can lead to crushing legal, financial, and reputational damage.
It’s a new day in cybersecurity, and any MSP not fully prepared to deal with the recovery phase of a breach is in serious trouble. Without an incident response plan (IRP) that includes transparent communication protocols, your clients and your business risk spiraling into chaos.
So, what exactly went wrong for T-Mobile and Westend Dental?
T-Mobile: The Cost of Poor Communication
In 2021, T-Mobile suffered a breach that exposed the personal data of 76.6 million customers. But the company’s response compounded the damage:
- Delayed Detection: The breach went undetected for nearly six months until an external source sounded the alarm.
- Incomplete Notifications: Customers were notified via brief text messages, which omitted key details like the exposure of Social Security numbers.
- Downplaying the Impact: The company allegedly misled customers about the severity of the breach, sparking legal action from Washington’s Attorney General.
The fallout? T-Mobile has paid a staggering $365.75 million in settlements and penalties, with lawsuits still ongoing.
Westend Dental: A Case Study in Denial
In 2020, Westend Dental faced a ransomware attack but chose to deny the incident, claiming data loss was due to an "accidentally formatted hard drive." This decision unraveled quickly when investigations revealed otherwise:
- HIPAA Violations: The company waited two years to notify affected individuals, a clear breach of HIPAA’s 60-day notification requirement.
- No Incident Response Plan: A lack of preparedness resulted in delays, incomplete data recovery, and failure to inform patients.
- Reputational Damage: By lying about the breach, Westend Dental lost public trust and was fined $350,000.
The Consequences of Poor Incident Handling
- Legal and Regulatory Fines: Regulations and standards such as HIPAA, PCI DSS, and GDPR carry significant fines for mishandling breaches. T-Mobile’s $15.75 million FCC penalty and Westend Dental’s HIPAA fine are cautionary tales.
- Reputational Damage: Transparency matters. Companies that delay or mislead in their communication suffer lasting trust erosion.
- Operational Downtime: Without a well-rehearsed IRP, containment and recovery are delayed, increasing downtime costs.
- Customer Loss: Mishandling a breach often alienates customers permanently, impacting long-term revenue.
Why Incident Response Plans Need Clear Communication
An incident response plan is more than a technical blueprint for containing malware or recovering data. It’s a guide to protecting trust during a crisis. Here’s how you can ensure your clients are prepared:
- Pre-Breach Preparation:
- Establish a clear notification process that complies with legal requirements for timing and content.
- Train key personnel in delivering accurate and transparent communication during a crisis.
- Simulate breach scenarios with tabletop exercises to refine communication strategies.
- During the Breach:
- Be honest and timely with affected stakeholders. Vague or delayed updates create frustration and suspicion.
- Share actionable steps customers can take, such as monitoring accounts or changing passwords.
- Update stakeholders as new information becomes available, ensuring consistency across all communication channels.
- Post-Breach Follow-Up:
- Provide detailed incident reports to clients and regulators, including steps taken to mitigate future risks.
- Offer support resources to affected customers, such as credit monitoring services.
Often the most painstaking and costly part of an investigation is gathering and presenting the evidence. Sign secure now can help you gather and document your client’s decisions, making sure you cover your bases when it comes to having communicated risks. And Cyber Liability Guard can help make sure your client has all the evidence documented in one place. You have a RIC [define this] and can show changes to the environment over time, all tied up for auditors or investigative teams to run with. You can either appear as though you did nothing, or you can be perceived as the only vendor that really mattered when it mattered most.
The Takeaway: Plan Now or Pay Later
The breaches at T-Mobile and Westend Dental show that how a company handles a breach often matters as much as the breach itself. Clear communication isn’t just a nice-to-have—it’s a critical component of any IRP.
MSPs must take the lead in helping clients develop robust plans that prioritize transparency, compliance, and swift action. Because when a breach hits, the last thing any organization can afford is confusion or denial.
Start building your incident response strategy today. The cost of inaction is far greater than the investment in preparation.