Challenge
iDS’s client believed that they might have been the victim of a data breach.
In a suspected data breach, the client needed to understand what reporting obligation, if any, they may have. Working with their outside counsel, we were asked to provide opinions on the compromise of systems, if any, and what data had been accessed.
First and foremost, our client needed to determine if there had, in fact, been a data breach. That required an opinion on the compromise of systems and a determination regarding the accessing of data. Specifically, the client relied on our expertise for the following:
- Understanding and identifying the system of records for obtaining the necessary systems, data, and logs for review
- Determining how encryption may have played a role in the protection of data
- Understanding, explaining, and analyzing the various ways to exfiltrate data
Solution
Our Forensic Team analyzed computers, intrusion detection logs, router logs, and other system-related logs in an effort to determine if a breach occurred.
The iDS Forensics and Investigative Team performed their analysis and reported on the following:
- The intruder had very limited access to the affected system(s)
- The activity had been identified within a few hours of entry
- No actual data had been exfiltrated
- In terms of “access,” the areas visited by the intruder were encrypted
Result
iDS was able to show that while unauthorized access to the network had occurred, no exfiltration had occurred and no viewable data had been accessed.
Our client was confident that while there had been unauthorized network access, no exfiltration occurred and no viewable data was accessed. Accordingly, it was determined by outside counsel that limited to no reporting was required.