Simulation note: This is a controlled teaching artefact for The LotusCare Breach (Simulation).
Content is fictional and designed to model organisational decision-making under uncertainty.
No real personal data, real ransomware instructions, or operational steps are included.
Incident Updates
Short, timestamped updates suitable for internal distribution. Use restrained language and separate facts from assumptions.
| Time | Update | Tag | Reference |
|---|---|---|---|
| 06:40 | Service disruptions observed across multiple business units. Contingency processes activated. | Observed | LC-INT-01 |
| 08:05 | Initial triage suggests ransomware impact on selected endpoints and shared services. Scope under validation. | Preliminary | LC-SEC-01 |
| 09:05 | Holding statement drafted for external enquiries: “investigating alleged cyber incident”. | Draft | LC-COMMS-01 |
| 10:22 | Open-source listing claims negotiation failure and threatens release. Treat as unverified. | Reported | DW-LC-POST-01 |
Open questions (internal)
- Which systems are confirmed impacted vs precautionarily isolated?
- Is there any corroborated indicator of unauthorised data access or staging?
- Which client cohorts are plausibly affected if exfiltration occurred?