Upon discovering a data breach involving unauthorized access to the customer records system, what is the PRIMARY action the security team should focus on according to standard security protocols?
Immediately isolate affected systems to stop the spread of the breach.
Prioritize the review of security logs to trace the origin of the attack.
Start documenting the details of the breach and response actions taken.
Notify the company's legal team and prepare for public disclosure.