You are the chief executive officer of Deposit Information Systems, a company that performs “back office” processing of checking account information for several thousand banks, savings and loan institutions, and credit unions. Your service requires you to hold personally identifying information for hundreds of thousands of depositors in your customer’s accounts. One day your chief technology officer knocks on your office door and says, “We’ve got a problem.” A routine security sweep has uncovered the fact that a hacker has inserted malware into your system that has the capacity for accessing and misappropriating any information your company has received from its financial institution customers. Your CTO doesn’t yet know how much data may have been stolen, but she thinks it may be “a lot.” As a provider of electronic data processing and back-office services to financial institutions, your company is subject to regulatory oversight and examination by federal banking regulators and various state regulatory authorities; your bank customers are subject to the requirements of the Gramm-Leach-Bliley Act. What should you do?