Berwicq (pronounced "brwk") is a soft drink company based in Kearney, Nebraska. Berwicq's flavor formulas are kept confidential - through trade secret protections - in an effort to safeguard the company's competitive advantage in the marketplace. Berwicq went public two months ago and after an IPO price of $50 it is now trading at $55.

Berwicq was in the news because one of its founding partners, Garrett Preston, recently left to work for their nearest competitor. Asher Torres, Berwicq's co-founder, bought out Garrett's stake in Berwicq for a negotiated price. Many at Berwicq were not sorry to see Garrett depart, most particularly Skyler Smith, the senior network administrator, who used to be romantically involved with Garrett, but broke things off after Garrett started flirting with Denver Brown, Skyler's college intern. Denver Brown's internship ended shortly after Garrett left. Berwicq's employees are hired informally, typically based on whether they know someone already working there.

Berwicq has struggled with transforming from a privately held startup to a publicly traded company. The founders' ethos of "there are no rules; we make the rules" has complicated efforts to improve security. Despite employees having identification badges issued badges are rarely used and guests flow in and out of the building without restraint. There is only one wireless network, but it is secured with a passphrase - QR Code stickers are arrayed around the building to give employees and guests access to the WiFi. Employees use their own mobile devices to access company information. Many employees have administrator access on their computers so they can install the latest productivity tool of their choice and while employees are reminded to install software updates many of them feel the updates take too long and interrupt their work flow so the updates get skipped. Berwicq's telecommuting employees remote into the company network to access resources. The IT department suggested a password policy but Garrett liked his standard "Berwicq123" password so their policy suggestion went nowhere - and Garrett reminded them that it contained uppercase, lowercase, and numbers, and was 10 characters long, so what was the concern?

Shortly after Garrett's departure Berwicq experienced a malware attack; as a result, the proprietary flavor formulas were leaked. Asher Torres got a pseudonymous direct message on social media about one of the formulas being found on Pastebin. The personal data of Berwicq's testing pool - about 2000 VIP program customers - which included sensitive health information such as blood pressure readings, cholesterol levels, and Body Mass Index (BMI), was also leaked. The VIP program customers include residents of California and Germany.

Following the discovery of the leak, Asher's younger sibling, Ariel, who is in high school and taking a computer science class, downloaded some digital forensics tools onto Asher's laptop and ran some of them on the network. On Ariel's advice, Asher shut down all the computing devices in the building and texted Skyler about the situation. Skyler informed Berwicq's legal counsel, Dante Johnson, who reminded Asher of the legal recommendations regarding evidence preservation.

The company is now in the process of recovering from this breach. Berwicq's stock price is down to $52. A journalist from the local newspaper, The Kearney Hub, acting on a submitted tip, has contacted Asher for an interview.

You are cybersecurity professionals who report into Berwicq's infrastructure operations team. The chief technology officer (CTO), Ms. Noor Halaby, has asked you and your colleagues to form an incident response team to participate in team meetings to discuss the data breach incident and its potential impact on the company, form recommendations for the future, and assist in documenting events and procedures. You will be using NIST's 800-61 Rev 2 Computer Security Incident Handling Guide to frame your actions. [You might find Exabeam's summary of NIST 800-61 Rev 2 useful: 6 Incident Response Steps to Take After a Security Event (exabeam.com) ]

Create the presentation to the board of directors explaining what happened and why, how it will be prevented from happening again, and what will likely happen to Berwicq's stock price and reputation in the short term. The presentation can be in any format.