# Exercise Record — SC-A1 Cross-Tenant LLM Data Leak

**Exercise:** Q2 2026 Incident Response Tabletop
**Organisation:** Lumen.health (fictional)
**Date:** 14 May 2026, 14:00–15:30 CET
**Scribe:** Tom De Vries
**Incident Commander:** Aisha Khan

> The Scribe's live capture. Times are *simulated* exercise clock times, anchored to the scenario detection time of 09:12. *Fictional content.*

---

## Timeline of decisions

| Sim. time | Who | Decision / action | Information it was based on |
|---|---|---|---|
| 09:14 | Aisha (IC) | Declared **SEV-2** incident; opened the bridge; named herself IC, Lukas Tech Lead. | Org A ticket + screenshot; not yet confirmed as cross-tenant. |
| 09:18 | Lukas | Confirmed leaked text matches a real Org B document via the index. | Reproduced the retrieval in staging. |
| 09:19 | Aisha (IC) | **Escalated SEV-2 → SEV-1** (confirmed cross-tenant personal-data exposure). | Lukas's confirmation. |
| 09:26 | Lukas | Containment: **disabled the clinical-intake assistant org-wide** via feature flag (not just for Org A/B). | Bug reproducible on demand → could affect any tenant. |
| 09:27 | Aisha (IC) | Accepted the blast radius: all customers lose the assistant feature until the fix ships. Logged as a deliberate trade-off. | "Stop the bleeding beats preserving one feature." |
| 09:33 | Sofia (Comms) | Drafted holding reply to Org A: acknowledged, investigating, will update within 2h. Did **not** yet confirm a breach. | Facts not yet established; avoid premature admission. |
| 09:41 | Anne (DPO) | Both docs contain Art. 9 health data → **notifiable breach**. **GDPR 72h clock started at 09:18** (time of confirmation, not detection). | Reviewed the two documents' contents. |
| 09:42 | Anne (DPO) | Issued legal hold on the gateway logs + index snapshots. | Preserve evidence for the regulator file. |
| 09:55 | Aisha (IC) | Scope decision: treat as **systemic** until proven otherwise after Org C's tweet. Tasked Lukas with an index-wide cross-tenant audit. | One reproducible scoping bug ⇒ assume not isolated. |
| 10:08 | Lukas | Fix verified in staging; recovery plan: deploy fix → run cross-tenant retrieval probe across all tenants → only then re-enable. | "Re-enable on green probe, not on deploy." |
| 10:20 | Aisha (IC) | Stand-down criteria agreed: probe clean + DPO notification drafted + affected customers individually contacted. | — |

## Decisions log

- **D-1** — Disabled the assistant org-wide rather than per-tenant; accepted feature loss for all customers as the cost of containment.
- **D-2** — 72h GDPR clock anchored to **confirmation (09:18)**, documented rationale (detection at 09:12 was an unconfirmed report).
- **D-3** — Treated as systemic, not isolated, pending the cross-tenant audit.
- **D-4** — Recovery gated on a **cross-tenant retrieval probe**, not on the fix deploy.

## Assumptions surfaced

- We assumed the feature flag actually disables retrieval, not just the UI. *Nobody had tested that.* → action item.
- We assumed gateway logs retain enough to scope which other tenants were affected. *Retention is 7 days; the bug may be older.* → action item.
- We assumed the DPO could be reached within the hour. *She was in the room; on a real Tuesday at 02:00 she may not be.* → action item.
