Case Study

FTI Technology Provides Personal Information Assessment, Investigation and Notifications Following Data Incident at a Global Corporation

A global corporation headquartered in Europe experienced a data incident with potential exposure of sensitive and personal information. With multiple global regulators on alert for privacy breaches, FTI Technology helped the client assess large volumes of data to quickly understand the extent of the data exposure and support the notification process.

Our Role

FTI Technology was engaged to preserve evidence of the incident, contain and remediate data exposure and assess the quantity and nature of personal information that had been exposed. The expert team delivered the following solutions:

  • Quickly established and managed a highly flexible managed review team of qualified lawyers who could scale up and contract in resources each day to meet the changing circumstances of the review.
  • Searched relevant email accounts and company backups to establish a fulsome review set.
  • Conducted rapid review of the impacted data to determine the extent of sensitive and personal information contained within it. This included narrowing the dataset to a subset of only personal information, so that the client would be prepared to issue specific notifications to impacted individuals and end clients as needed.
  • Developed a bespoke decryption workflow to create large password dictionaries from the exposed data content and use that password dictionary to attempt password cracking of encrypted items within the exposed data set.
  • Created tailored notification bundles unique to the requirements of multiple stakeholders and regulators within tight timeframes to meet contractual obligations.
  • Helped the client defensibly confirm that the incident did not qualify as a reportable data breach.
  • Delivered detailed reports to demonstrate the completeness and defensibility of the workflow, which the client could produce as needed to regulators and end clients.
Related topics: