Global Technical Consulting Firm

Challenge

FRA was asked to assist with an incident response for a potential breach of highly sensitive client data. We were advised that the breach was initiated from unknown sources, and asked to respond immediately due to the sensitive nature of the data at risk.

Action

FRA responded immediately after being notified by the client of the breach. We assisted with the execution of the client’s incident response plan, and managed the identification and collection of pertinent log files and data. We also conducted triage and analysis of collected data on a rolling and ongoing basis. FRA assisted the client’s IT and Legal staff to provide real-time updates on the scope and scale of the breach.

Solutions

FRA determined that one of the client’s former IT administrators had been able to access the company network through compromised credentials, despite having their access and privileges revoked upon termination. We determined that the former employee was able to traverse the client’s network and access servers containing email and other sensitive data.

FRA ultimately determined that the former employee had created fake email accounts in an attempt to have ongoing access to sensitive client emails. We also determined that the former employee attempted to complicate the client’s review of their own email by attempting to “hide” under GDPR privacy policy. They attempted this obfuscation by moving their own non-personal email and documents into a “Personal” folder. FRA was quickly able to discover this ruse and fully identify any malicious actions taken by the former employee. This includes identifying when the former employee accessed the client’s system as well as determining that no sensitive data was compromised.