According to the CRISC Review Manual (Digital Version), the first course of action when a risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet is to invoke the established incident response plan, which is a set of policies, procedures, and resources that enable the organization to respond to and recover from an incident that affects the confidentiality, integrity, or availability of its IT assets and processes. Invoking the incident response plan helps to:
Contain and isolate the incident and prevent further damage or loss
Identify and analyze the source, cause, and impact of the incident
Eradicate and eliminate the incident and restore normal operations
Communicate and coordinate the incident response activities and roles with the relevant stakeholders, such as the business owner, the risk owner, the senior management, and the external parties
Learn and improve from the incident and update the incident response plan and the risk register
References = CRISC Review Manual (Digital Version), Chapter 4: IT Risk Monitoring and Reporting, Section 4.1: IT Risk Monitoring, pp. 219-2201