While the initial analysis appeared to indicate the breach was limited to only several employee inboxes and a small number of file servers, once FTI Technology began looking at the dataset, the team discovered that the breach extended to millions of datapoints containing personal or sensitive information — including national and passport identification numbers, usernames, passwords and other sensitive personal data across dozens of data sources including email, file servers and business applications.

The breach response quickly became a high-pressure, high-stakes incident. This led to ongoing discussions between the client and outside counsel about risk tolerance, cost and specific notification requirements relating to the breach. FTI Technology’s deep expertise in privacy regulation and understanding of digital risk were integral to informing these critical decisions and helping the client understand the facts underlying its risk conversations.

The forensic investigation of the incident also occurred at the same time the data analysis began. The team started with an initial subset of data that grew as the forensic investigation progressed. The team implemented a phased approach to the analysis, which helped maintain progress despite changes and delays in the dataset resulting from the evolving investigation.

Our Role

In the initial week, FTI Technology conducted a robust preliminary analysis that provided the client with a broad view of the extent of the breach and the level of risk associated with it. This included a combination of complex techniques including artificial intelligence and predictive coding as well as bespoke solutions to address challenges with emerging data sources and unstructured data. Because the exercise focused on individuals rather than documents, traditional e-discovery workflows were not applicable.

The team’s extensive experience in data breach response was critical in developing novel workflows and prioritising different categories of data in a highly complex dataset. The analytics models were designed to efficiently identify high-priority data categories such as children’s personal information, health-related information and personal identification numbers first and foremost.

In addition to initial scoping and analysis and application of advanced analytics, FTI Technology delivered the following solutions:

  • Implemented an analytic review to reduce the scope of data sources containing affected personal data by 90%.
  • Conducted an extensive data cleansing exercise to reconcile poor data quality, duplicative information and intermingling of employee data and customer data.
  • Provided analytics to confirm the affected dataset for extraction. Mapped each affected individual and each data entity to clearly determine and document who was impacted and which breached items related to each person, to enable fulsome and accurate breach notification.
  • Implemented machine-based extraction workflows to automate where possible. When automation was not possible, the team leveraged FTI Technology’s document review experts to extract specific information as needed.
  • Supported legal counsel in reporting and engaging with numerous regulatory bodies investigating the breach. Ensured all workflows were documented and traceable to fulfil requirements and ensure that the notification was as complete as possible for high-risk and highly sensitive personal information.