Service B: Incident two

Wednesday 5pm

You try to log in to the service’s email account but it asks you for a 2-step verification code. You haven’t set this up and you don’t recognise the last digits of the mobile number it says the code has been sent to.

  • Other staff say they can’t log in either and nobody has set up 2-step verification on this account.
  • You begin to receive phone calls from people who use the service. They are angry to have been sent emails demanding payment.
  • Further calls come in from stakeholders warning that you are emailing malware out to people. You still have no access to your email account.
