In addition to complying with any applicable laws and regulations, you and your agents must take immediate action to contain the incident, notify payment system partners and investigate the incident, which may include retaining an independent PCI Forensic Investigator (PFI).
Follow these steps if you believe you’ve been compromised
Stay alert and monitor all systems that have cardholder data or may have connections to the cardholder data environment.
Don’t log in or change passwords on the at-risk systems. Don’t log in as ROOT.
Detach the at-risk system from the network by unplugging the cable. Do not turn it off.
Change secure service identification on the access point and all systems using a wireless connection, except the at-risk systems.