Our client had acquired a complementary web-based business that had been running without significant maintenance for a year when unusual events were noted in its log files. These led to some security issues being discovered, and MDR Cyber were brought in to contain the incident, work with the Data Protection team to determine whether notifications were needed, and then assist with root cause analysis and remediation.
Working with the client's technical team and undertaking some hands-on systems reviews, our consultants were able to firmly identify the data potentially exposed and confirm that there was no evidence that the data had been accessed by unauthorised parties. Controls were put in place to contain the potential incident and prevent a recurrence. A broader security review was suggested but declined by the client.
Approximately one month later, the client noted potential security issues within different systems and brought in MDR Cyber to assess the data access in question. The aim was to determine again whether unauthorised access to data had occurred and, more importantly, whether the owners of the acquired web-based business had been working with malicious insiders to share client data for a competing service that was being established.
Our clients reviewed the data access controls in place, assessed the settings and logs of a number of online sharing services, and reviewed all available email logs to assess whether there was evidence of any unauthorised activity. Our consultants found that there was no data-sharing activity, but clear signs of other activities, which were raised to the client to handle via appropriate means. The client was left with a clear understanding of their data notification obligations, and a view of the potential activities being undertaken by members of their staff.