Case Study
Stopping a Brazen Theft
Situation: A leading international real estate information company suspected its data had been stolen and sold by a competitor.
FTI Technology’s forensic experts teamed with local law enforcement to conduct a search and seizure, performed forensic imaging on close to 300 computers and devices and documented every step while adhering to the collection laws of the Philippines.
A database company suspects its data has been stolen
All companies have valuable proprietary data. For some companies, however, data is the heart of their business. In this case, FTI Consulting was engaged to assist a leading commercial real estate information company (call it “RealData”) that had invested over $1 billion to build a database that contained information on more than 4.5 million international commercial properties. RealData employs a team of trained researchers to make sure its information is accurate, comprehensive, and up-to-date, and its revenue comes from brokers, developers, owners, and other real estate professionals purchasing access to its database.
Toward the end of 2015, RealData began to suspect that a competitor was using a Business Process Outsourcing (BPO) company in the Philippines to steal its data: accessing the database, downloading the data, removing RealData’s watermark, rebranding it as its own, and uploading it to its own database.
If its suspicions were justified, such a theft would pose an existential threat to RealData’s business. Accordingly, it engaged external counsel in the United States, the UK, and the Philippines. Its counsel in the Philippines obtained search warrants for multiple sites operated by the competitor’s BPO.
FTI Consulting’s role: Flawlessly executing a forensic investigation
FTI Consulting assembled a team of more than 14 technology experts from Hong Kong, Singapore, Japan, the Philippines, Australia, and Washington, DC.
Seven members of the team traveled to Manila, where they met with a courtappointed commissioner and a team of local sheriffs. Because the suspect BPO was one of the largest employers in its community, a private security detail was engaged to reduce the risk of the team being detained or confronted by residents resisting the search and seizure process.
The combined group – 70 strong – spent the night at a hotel close to the BPO site, and entered the BPO premises en masse early the next morning to execute the search warrant.
Given the adversarial and litigious nature of the Philippines court system, FTI Consulting knew it was critical to ensure that the entire search and seizure was conducted according to the most stringent forensic principles and practices. Collectively, the FTI Consulting members on the team brought over 100 years of forensic experience to the search and seizure component alone. All of them held certifications from respected credentialing bodies, and used industry-standard forensics software and processes to manage the proper handling and analysis of the digital evidence.
Meanwhile, the case illustrates the importance of several data governance principles:
- If you use a BPO, conduct regular audits to ensure it is not doing anything illegal.
- Stipulate in your contract with the BPO that your data be segregated from the BPO’s other client data. That way, your data will be safe and accessible should the BPO be found to be engaging in nefarious activities for another client.
- Know the location of all your data. If you are served with a search warrant, and you know exactly where the relevant data is stored, you may be able to hand over specific files, computers, or servers without surrendering all your hardware and seeing your business grind to a halt.
- Search warrants typically only cover devices at a given location. Therefore, it is a good idea to have comprehensive off-site data backup to ensure business continuity.
- Conduct regular cyber risk and information governance reviews to mitigate the risk of data theft.
- Where appropriate, seek independent, external advice.
Impact: The theft revealed
For two weeks, 10 members of the FTI Consulting team worked alongside Filipino sheriffs in a guarded and secure facility to perform forensic imaging on close to 300 computers and other devices seized from the BPO. Meanwhile, under Orders, FTI Consulting team members collected data from dozens of web-based email accounts used by the BPO’s officers.
FTI Consulting knew it was critical to maintain an unbroken chain of custody. FTI Consulting team members carefully documented every step of the imaging and analysis process, and personally traveled with the data. The FTI Consulting team created two separate reports – one covering the forensic analysis, and a separate one that detailed the forensic acquisition and the chain-of-custody protocols that were followed rigorously.
FTI Consulting’s work uncovered proof that the competitor had been using its BPO to steal RealData’s IP. The forensic imaging and analysis revealed manuals, procedures, schedules of work and invoices, pirating software, virtual private networks, and documents showing the process by which the BPO took RealData’s data and repackaged it as its own.
RealData, and its external counsel from the Philippines, have expressed their happiness with FTI Consulting’s forensics work, which has provided solid evidence for RealData’s claims against its competitor.