How your organisation's incident response plan addresses database hacks, unauthorised access and data leaks

We have the following procedure in place when the servers/databases are hacked:
1. make the hacked server offline as soon as we find out the hack, disconnect it from other devices within the network,
2. change all password/certificate for all accounts on all servers/PCs that are on the same network of the compromised system,
3. inform data protection personnel if the compromised system holds any personal information and asks for full disclosure.
4. examine the hacked system to find out how, when the attack took place; understand the attacks if possible
5. follow the data recover plan for recovery and bring back the service.

Follow the incident plan and inform Amazon by sending email to security@amazon.com, do not notify any Amazon customer unless a written request granted from Amazon