Step One
Confirm the offending computer/source (it may or may not be the computer that you have identified).
Step Two
Identify any additional files that might have been disclosed from the offending computer/source (this often determines or confirms the original source, because additional files are frequently disclosed that allow us to profile the individual disclosing them).
Step Three
Remediate/close down the offending computer/source.
Step Four
Identify any additional sources that may have acquired the file(s) and are re-sharing it/them to the P2P networks.
Step Five
Remediate/close down any additional sources found in Step Four.
Step Six
Take any notification steps required by state/industry regulatory bodies based on the severity of the information disclosed (e.g. Social Security numbers).
Step Seven
Provide services (e.g. credit monitoring, fraud alerts) to affected individuals.
Step Eight
Document all steps taken both to address this incident and to prevent others from occurring, as required by state/regulatory bodies, customers, other stakeholders, etc., and in support of any future legal defense actions.