My bookkeeping vendor reports a security incident, what do I do?
A security incident at Yuki, Exact, Twinfield, Snelstart or another package touches your data. First read what they reported, then check your own logs, then consider GDPR notification duty.
Try this first
- 1Read the vendor incident report carefully: which data was hit, what leaked, what mitigation.
- 2Open your own logs in the package: who logged in over the past 30 days, what exports or changes happened.
- 3Reset passwords for all users, especially admin accounts, and enable 2FA if not already.
- 4Assess whether customer or employee personal data was involved, if yes, GDPR notification within 72 hours to the DPA and where needed to data subjects.
- 5Document everything in an incident log for your accountant and any audit, even if the vendor says your tenant was not impacted.
When to bring us in
If you are unsure about notification duty or impact assessment, we can review before the 72-hour clock runs out.
See also
- Switching from Exact Online to Yuki, open items and history do not matchPackage migrations stumble on ledger mapping and open AR/AP. Without a mapping table you lose context.
- Twinfield to Exact, dimensions and cost centres go missingTwinfield uses dimensions, Exact uses cost centres and projects. The mapping is not one-to-one.
- Accountant asks for RGS mapping, your ledger does not follow RGSRGS is the Dutch standard chart that SBR filings and accountant software expect. Without mapping, every year-end is manual.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.