Breached (Part 3)
The Fallout
This account is based on a real-world case. Names, locations, and identifying details have been changed or obscured to protect those involved and, frankly, to save a few blushes.
Day 7. Afternoon.
The meeting broke. Harwood’s reps packed their laptops with robotic precision, muttered vague apologies, and backed out of the boardroom like someone had died.
No one said it aloud, but something had.
Katie sat at the table for a long time after they left. Her hand rested on the printed support ticket—the one with that line. The one that turned a misconfiguration into a breach of trust.
She didn’t cry. She didn’t speak. She just stared.
Outside the boardroom, her staff were working as usual. Phone calls. Emails. End-of-month prep. They didn’t know yet.
But they would.
Because it’s never just one breach.
By 4 p.m., the first client had called. They’d seen the incident reported on a threat intelligence feed. They wanted answers.
More would follow.
Katie called her solicitor. Then her insurance broker. Then her PR contact.
I sat across from her. Calm. Clinical. Already thinking six steps ahead.
“Do we need to tell the ICO?” she asked.
“Yes,” I said. “You do.”
She nodded. Then she made the call.
The staff meeting happened the next morning. Grim but necessary. Questions followed:
Are we safe?
Was our data taken?
Why weren’t we told sooner?
The hardest one was from a senior associate who had been with the business since year three:
“Why were they still our provider?”
No one had an answer Katie liked.
A week later, Harwood IT was gone, and the contract was terminated. The full audit findings were passed to a solicitor, and a formal complaint was filed with the ICO and the NCSC.
The fallout rippled.
A handful of clients left—quietly, politely, decisively.
Two prospects paused onboarding. One never came back.
The insurance premium doubled.
Katie started sleeping with a notepad by the bed.
We deployed full endpoint protection. Rebuilt from clean images. Segmented the network. Reset every password. Shut down legacy services. Rolled out MFA.
It took six weeks just to stabilise.
And still, one thing lingered in the air: the breach wasn’t the end.
The cover-up was worse.
The business survived, but something changed in Katie. She no longer assumed competence or gave the benefit of the doubt. Every vendor, every tool, every system was scrutinised.
Because once you’ve seen behind the curtain, you don’t forget what you saw.
And trust, once broken, isn’t a security risk.
It’s an existential one.