In the event of a discovered or suspected Security Event, HUB shall provide notice without undue delay to Customer’s technical and account contacts using those means established for routine account-related communications (or other such method of notice as agreed between us).
Our notice shall include the following information to the extent it is reasonably available to HUB at the time of the notice, and HUB shall update its notice as additional information becomes reasonably available: (i) the dates and times of the Security Event; (ii) the facts that underlie the discovery of the Security Event, or the decision to begin an investigation into a suspected Security Event, as applicable; (iii) a description of the Personal Data involved in the Security Event, either specifically, or by reference to the data set(s), and (iv) the measures planned or underway to remedy or mitigate the vulnerability giving rise to the Security Event.
We will take those measures available, including measures reasonably requested by you, to address a vulnerability giving rise to a successful Security Event, both to mitigate the harm resulting from the Security Event and to prevent similar occurrences in the future.
We will cooperate with your reasonable requests in connection with the investigation and analysis of the Security Event, including a request to use a third-party investigation and forensics service.
HUB shall retain all information that could constitute evidence in a legal action arising from the Security Event and shall provide the information to you upon your request. Except to the extent required by law in the written and reasonable opinion of HUB’s legal counsel, or as reasonably required by our investigation of the Security Event or our other contractual obligations, we will not disclose to any third party the existence of a Security Event or suspected Security Event or any related investigation without Customer’s prior written consent.