The series of significant third-party breaches in 2023, notably the MOVEit breach, highlighted the complex incident response considerations that arise when a service provider is a victim of a cyberattack. Collaboration and coordination among various stakeholders are key, all while the response time remains unyieldingly critical. At a Privacy+Security Forum Fall Academy panel, Troutman Pepper attorneys, along with Kroll’s global head of threat intelligence, discussed third-party incident response issues and practical ways to address them. In this first installment of our two-part series distilling the insights offered, we address messaging, forensic investigations and navigating the dark web. Part two will cover notifications, containment, restoring service and preserving attorney-client privilege. See our two-part series on a ransomware tabletop’s 360-degree incident response view: “Days One to Four” (Jan. 4, 2023), and “Day Five Through Post-Mortem” (Jan. 11, 2023).