Success Story

The Cyber Security Team Clarifies a University’s Obligation to Notify a Cyber Breach

Contact Us
< Back to Insights
Insights  <  The Cyber Security Team Clarifies a University’s Obligation to Notify a Cyber Breach

The Challenge

A well-known law school’s backup server had been compromised overnight and unknown data had been transmitted from the system. The backup server housed data from all of the law school’s systems including personally identifiable information (PII) for past and present students, faculty and staff as well as other financial data. The school was facing the prospect of notifying all of its students, faculty and staff that their personal information may have been compromised.

The Investigation

Our experts were brought in to assess the situation, determine what data had been lost and to provide information to our client so it could meet its disclosure obligation. The only piece of information available about the compromise was the approximate size of the data sent from the compromised server. No logs or other information were available so that the school could assess its liability. Using our forensic skills and extensive systems expertise, David Sun and the cybersecurity team narrowed the potential breach to a small set of backups and further narrow the potential disclosure of PII to less than 10 individuals.

Learn More About Our Data Breach Incident Response & Recovery Services

The Benefits

The client was able to avoid the embarrassment of a large scale data breach. Damages resulting from the breach were limited to providing credit monitoring for a handful of individuals instead of potentially thousands. In addition, the client uncovered several unknown security issues that could have resulted in future loss or compromise of private data and intellectual property.

Contact Us

Associated Industries

Let us help you create what's next
find it here.

Or contact us