You Must Immediately Report A Social Engineering Attack.
Once your employees are fully trained, aware, and have the skill set to Identify a social engineering attack In action, It's of the utmost Importance to report It at their very earliest convenience, preferably to the person who's In charge of the training.
It serves very little to no purpose If you're keeping It to yourself, thereby run the risk of other staff members falling victim. Subsequent attacks, particularly those unsuccessful over the phone, are most likely to happen again within a short time frame- with the attacker hoping to SE another employee.
The more Information you can distribute about the attack, the better your organization can prepare Itself and formulate preventative measures. When It's reported ASAP, the nature of the SE must be discussed with ALL personnel. Be sure that everyone has a clear understanding of the attack vector that was used.
If the attack was successful, utilize the methodology that was executed by the social engineer as an awareness factor to help prevent the same thing from happening again.