Responding swiftly to a data breach may involve legal counsel and/or forensic investigators depending upon the depth and severity of the breach.  Going offline immediately (without shutting down any equipment), will help isolate the breach and having backup equipment to swap in its place could keep you online throughout the duration of the investigation.  Local police must be called in; and a communication plan must be activated to reach all affected parties from employees to customers to vendors, etc.  Utilizing your website to provide good communication upfront can be an effective way to address concerns and possibly save you money and time in the long run.  Breaches involving personal information must follow State and Federal legal protocols.  Spelling these protocols out in a disaster plan ahead of time can be a tremendous help considering how many it may involve.