You have to inform everyone who's using the system and you have to fix the breach. You might also be on the hook for anything which happened in your customer's systems due to the breach, but that's going to depend on a number of factors.

Categories