๐จ If you are experiencing an active breach RIGHT NOW
1. Do NOT attempt to fix it yourself first โ document everything you see.
2. Immediately go to Section 3 โ Immediate Response (First 2 Hours)
3. Call your primary security contact listed in Section 1.
4. Do not delete logs, emails, or any evidence.
Section 01
Key contacts & responsibilities
NY State notification authorities
Section 02
Incident severity levels
| Level | Severity | Examples | Response time | Notify users? |
| Critical |
Confirmed data breach โ user PII exposed |
Database dump, unauthorized access to user records, payment data exposed |
Immediate โ within 1 hour |
Yes โ within 30 days (legally required) |
| High |
System compromise โ no confirmed data exposure |
Unauthorized admin access, malware detected, site defacement |
Within 2 hours |
Possibly โ assess per incident |
| Medium |
Service disruption or suspected intrusion |
Site down >1 hour, suspicious API activity, failed login surge |
Within 4 hours |
No โ unless data confirmed exposed |
| Low |
Minor issue โ no breach, no outage |
Single failed login, brief downtime <5 min, spam signups |
Next business day |
No |
Section 03
Immediate response โ first 2 hours
1
0โ15 minutes โ Detect & Contain
Stop the bleeding
Do NOT delete anything โ preserve all logs and evidence
Screenshot everything you can see โ error messages, unusual activity, timestamps
If site is actively being attacked: disable Firebase Hosting temporarily via Firebase Console
If database is being accessed: go to Firebase Console โ Firestore โ disable read/write rules immediately
If Stripe is involved: log into Stripe Dashboard and pause all payment links
Change your Firebase Console password and enable 2FA if not already on
2
15โ30 minutes โ Assess
Determine scope and severity
What data was potentially accessed? (user emails, business info, payment status)
How many users could be affected?
When did the breach start? Check Firebase logs for earliest suspicious activity
Is the attacker still active or have they left?
Assign severity level using Section 2 table
Document all findings in the Incident Log (Section 7)
3
30โ60 minutes โ Notify Internal
Alert your team and legal counsel
Notify all contacts listed in Section 1
Contact your attorney โ they will advise on legal notification timeline
If Critical severity: begin drafting user notification email (template in Section 5)
Do NOT post anything on social media yet
Do NOT notify users yet โ wait for legal counsel guidance
4
1โ2 hours โ Investigate & Fix
Technical investigation and remediation
Review Firebase Authentication logs for unauthorized logins
Review Firestore access logs in Google Cloud Console
Review Cloud Functions logs for unusual calls or errors
Check UptimeRobot incident history for timeline
Identify the attack vector โ how did they get in?
Deploy fix or patch to close the vulnerability
Rotate all API keys and secrets (GOVCON_API_KEY, BIDRISE_ADMIN_KEY, RECAPTCHA_SECRET_KEY)
Restore service only after vulnerability is confirmed closed
5
2โ24 hours โ Recovery
Restore and verify
Verify fix is working โ test all affected systems
Restore Firebase Hosting and Firestore rules if disabled
Monitor UptimeRobot and Firebase logs closely for 24 hours
Run full end-to-end test of the portal
Update status page on UptimeRobot
Section 04
Legal notification requirements
Under NY GBL ยง 899-aa and the SHIELD Act, if a breach exposes private information of New York residents, you must notify affected individuals, the NY Attorney General, the NY Department of State, and the NY Division of State Police. The AG has pursued enforcement where notification delays exceeded 30 days.
What triggers mandatory notification
Notification is required when a breach exposes any of the following about a NY resident:
- Name combined with email address and password
- Name combined with financial account information
- Social Security Number (not collected by BidRise)
- Business information that could enable identity theft
Notification timeline
| Who to notify | Deadline | How |
| Affected users | Expeditiously โ target within 7 days | Email to address on file (template in Section 5) |
| NY Attorney General | Within 30 days of discovery | Online at ag.ny.gov |
| NY Department of State | Within 30 days of discovery | dos.ny.gov |
| NY Division of State Police | Within 30 days of discovery | troopers.ny.gov |
| Stripe (if payment data involved) | Immediately | support.stripe.com |
What the notification must include
- Description of what happened
- What types of information were involved
- What you are doing to investigate and fix the issue
- What steps affected individuals can take to protect themselves
- Contact information for questions
Section 05
User notification email template
Use this template as a starting point. Have your attorney review before sending. Fill in all [brackets].
Subject: Important security notice regarding your BidRise.pro account
Dear [First Name / BidRise.pro user],
We are writing to inform you of a security incident that may have affected your BidRise.pro account.
WHAT HAPPENED
On [DATE], we discovered that [BRIEF DESCRIPTION OF INCIDENT]. We immediately took steps to contain the incident and launched a thorough investigation.
WHAT INFORMATION WAS INVOLVED
The following information associated with your account may have been affected:
- [LIST SPECIFIC DATA TYPES โ e.g., email address, business name, NAICS codes]
WHAT WE ARE DOING
We have [LIST ACTIONS TAKEN โ e.g., patched the vulnerability, rotated all API keys, enhanced monitoring]. We are continuing to investigate and have notified the appropriate authorities as required by New York law.
WHAT YOU SHOULD DO
- Change your BidRise.pro password immediately
- Monitor your email for any unusual activity
- If you use the same password elsewhere, change it on those accounts as well
- Contact us immediately if you notice any suspicious activity
FOR MORE INFORMATION
If you have questions, please contact us at security@bidrise.pro or call [PHONE NUMBER].
We sincerely apologize for this incident and the concern it may cause. We take the security of your information extremely seriously.
Sincerely,
[YOUR NAME]
BidRise.pro
447 Broadway 2nd FL #790
New York, NY 10013
security@bidrise.pro
Section 06
Post-incident review
Within 14 days of resolving any Critical or High severity incident, conduct a post-incident review covering:
- Root cause โ How did the attacker get in? What vulnerability was exploited?
- Detection time โ How long before we detected the incident?
- Response time โ Did we meet our response timeline targets?
- What worked well โ Which security controls helped contain the incident?
- What needs improvement โ What gaps did this expose?
- Action items โ Specific security improvements with owners and deadlines
- Documentation โ Update this plan based on lessons learned
Section 07
Incident log
Document every incident here regardless of severity. This log may be requested by regulators or insurers.
| Date |
Severity |
Description |
Resolution |
Notified users? |
| โ |
โ |
No incidents recorded |
โ |
โ |
Keep a separate detailed incident report document for any Critical or High severity incidents. This log is a summary index only.
Section 08
Plan maintenance
This Incident Response Plan must be reviewed and updated:
- Annually โ at minimum, every 12 months
- After any Critical or High severity incident
- When key personnel or contact information changes
- When significant changes are made to the BidRise.pro infrastructure
- When New York cybersecurity regulations are updated
This plan was last reviewed and approved on June 1, 2026.
Plan approval
This Incident Response Plan has been reviewed and approved by the business owner.