Case Study
FTI Technology Identifies Personally Identifiable Information Within Box Environment to Support Client’s Data Breach Response
Expert-led, proprietary emerging data sources solutions and workflows were instrumental in targeting the full scope of sensitive information impacted in a client’s data breach. The combined power of FTI Technology’s expertise in emerging data sources and data breach response allowed the client to reduce costs while meeting tight breach notification deadlines.
Situation
When a client realized its Box environment may have been breached as part of a cybersecurity incident, the company needed to quickly identify whether any personally identifiable information was stored within its Box instance. The company was under significant pressure to determine the scope of the breach and faced the potential for legal and regulatory penalties if breach notifications were not issued to the impacted parties within specified timeframes.
The total dataset within Box amounted to 21 terabytes, and in addition to identifying whether PII had been breached across such a large repository, the company needed to determine which data had been exposed, so it could issue accurate notifications. However, the only identifying information available to the breach response team was the pathing details for files likely accessed. Identification and download of only the accessed files was not possible using Box native functionality or other off-the-shelf tools.
Moreover, the initial request was to download all 21 terabytes of data and search for the subsets after collection. However, time was a critical factor and there was no way to collect such a large volume of data before the looming deadlines.
Our Role
FTI Technology was engaged to assist in developing a workaround to quickly and cost effectively identify the potential PII that a threat actor may have gained access to. Working with the client and its Box relationship manager and developer, FTI Technology’s emerging data sources experts generated specific reports that provided details including file names, IDs and pathing details to compare against a list of files the threat actor was believed to have potentially accessed.
FTI Technology then leveraged the built-in capabilities of FTI Technology Connect to perform a targeted collection of approximately 6,000 files based on matches, from across numerous locations within the 21 terabyte Box environment.
The team ensured that potential API quotas within Box were followed to avoid cost implications. Relying on the estimates the team established with Box, no additional charges were incurred by the client.
This expert-led diligence exercise included:
- Generation of detailed reports mapping file names, IDs, and pathing details for cross-comparison with potentially accessed data.
- Targeted collection of approximately 6,000 files from within a 21-terabyte dataset, reducing scope while maintaining accuracy.
- Coordination with Box API and platform representatives to ensure compliance with rate and cost limits.
- Rapid turnaround to meet breach notification deadlines without overcollection of data.
Our Impact
FTI Technology was able to identify and collect targeted subsets of data and accurately identify all potentially affected PII.
FTI Technology’s innovative workflows allowed the client to avoid collection of the entire 21 terabytes of Box data, saving costs and allowing the organization to meet imposed breach notification deadlines.