Data Breach Investigation

DATA BREACH

Our Data Breach Team is ready to assist you.

Our AR INTELL Incident Response and Data Breach Investigations team is ready to assist you. When we perform an incident response operation we follow detailed procedures to handle the data breach or cyberattack, and we follow your company's or organization's own policy in order to mitigate the consequences of the attack or breach.

Your company's data has leaked; you have been breached…

Just imagine that virtually anybody can download your confidential data and use it for all sorts of nefarious purposes. We have barely started to understand the different scenarios of data abuse that have resulted, and will continue to result, from all these data breaches. Below we give a few examples of these hellish scenarios.

Recently, in 2021, a number of major data breaches have occurred. A few pointers should be enough to highlight the seriousness of this topic:

  • the average cost per data breach is estimated to be over $150 million by 2021
  • the global yearly cost of data breaches is forecast to be $2.1 trillion
  • during the first 6 months of 2018 more than 4.5 billion records were exposed via data breaches
  • in 2019, for example, 2.7 billion identity records were posted on the web

Numerous companies and organizations have had their data leaked online: the security of cloud-based storage was either over-estimated, or security controls were simply not implemented. One wonders how all these data are being misused, and will continue to be used, against your interests or the interests of the company that collected and stored them.

Examples from more than 50 huge data breaches, with billions of records exposed online and offered for sale on the dark web:

  • Adult video streaming website CAM4 – March 2020 – 10.88 billion records
  • Yahoo data breach – October 2017 – 3 billion accounts
  • AADHAAR data breach – March 2018 – 1.1 billion people
  • First American Financial Corp. data breach – May 2019 – 885 million users
  • Verifications.io data breach – February 2019 – 763 million users
  • LinkedIn data breach 2021 – June 2021 – 700 million users
  • Yahoo data breach 2014 – 500 million accounts
  • Starwood (Marriott) data breach – November 2018 – 500 million guests
  • Adult Friend Finder data breach – October 2016 – 412.2 million accounts
  • MySpace data breach – June 2013 – 360 million accounts
  • Exactis data breach – June 2018 – 340 million people
  • Twitter data breach 2018 – May 2018 – 330 million users
  • NetEase data breach – October 2015 – 234 million users
  • Socialarks data breach – January 2021 – 200 million records
  • Deep Root Analytics data breach – June 2017 – 200 million U.S. voters
  • Court Ventures data breach – October 2013 – 200 million personal records
  • LinkedIn data breach – June 2012 – 165 million users
  • Dubsmash data breach – December 2018 – 162 million users
  • Adobe data breach – October 2013 – 152 million
  • MyFitnessPal data breach – February 2018 – 150 million users
  • Equifax data breach – September 2017 – 148 million people
  • eBay data breach – February/March 2014 – 145 million users
  • Canva data breach – May 2019 – 137 million users

Unintentional data disclosure

A data breach is similar to a data leak. This is also called unintentional information disclosure, information spilling or data spillage.

A data breach results from a cyberattack in which cybercriminals obtain unauthorized access to a computer system or network. As a result, your private data, sensitive documents or other confidential data are stolen. These data often contain the personal and financial details of customers.

Thus, in the event of a data breach, the attacker may release your secure, private and confidential data onto the public internet, the deep web or the dark web. This causes considerable immediate and long-term damage to your company or organization.

Ask yourself how you will prevent this damaging form of information leakage.

Which type of data could have been exposed?

  • employee information
  • trade secrets
  • intellectual property
  • usernames, email addresses
  • dates of birth, social security numbers
  • passwords, login credentials
  • cellphone numbers, fixed-line phone numbers
  • postal addresses, private addresses
  • passport numbers, I/C numbers and other customer IDs
  • bank account numbers
  • credit card numbers
  • credit and debit accounts
  • e-commerce logins
  • IM chat content (WhatsApp, Messenger and other systems)
  • online payment account information
  • exposed business and consumer data
  • social media profiles
  • data points on personal interests and individual preferences
  • retail customer details
  • personal pictures
  • details of your hotel visits
  • details of contracts
  • government information
  • military information
  • law enforcement related data

Dangers of a data breach

  • infiltration of your data systems
  • identity theft, PID (personally identifiable data) exposed
  • reputational damage to the company
  • blackmail
  • malware attacks – ransomware attacks – phishing
  • fines by authorities for non-compliance with GDPR and PDPA
  • putting customers and the supply chain at risk or in harm's way
  • loss of vital information
  • personal data sold and/or misused
  • violation of your privacy
  • exposure and exploitation of PID
  • using the data exposed in the breach, attackers will move laterally and further attacks will follow
  • full and aggressive exploitation of the data will occur

Instant Response Checklist – immediate action to take in the first 24 hours after the data breach

There are many possible variants of the response scenario, but we think this should be the rough timeline of the actions to take when you have been hit by a data breach.

Did you ever think of doing a simulation? Prepare for the worst, hope for the best!

Who are the actors behind a data breach?

  • black hat hackers
  • hackers seeking personal gain
  • organized crime groups
  • political activists
  • nation-state hackers
  • APT groups
  • other adversaries
  • unknown cyber criminals

Data Breach Investigation

A data breach investigation will focus on the:

  • insider threat
  • outsider threat
  • interaction of both

After you have detected the data breach, the first step is to contain it by following your Incident Response Plan. The second step is to minimize your direct losses. Intelligence gathering then needs to start immediately, and at that point a thorough investigation can be set up by our independent and experienced forensic investigators.

You can rest assured that we will find the source of the data breach, document its extent and the effect of the data leak, and hopefully identify the perpetrators.

Hence, as you can imagine, we need to investigate the details of what happened and understand the chronology (when). Later we will establish why it happened, who did what, and how it was done (the methodology). In particular, the lead-up to the events needs to be thoroughly documented. There is always trace evidence or a digital footprint.

During our investigation we will address the following topics:

  • extent of the damages
  • post-mortem report
  • we check what and who is affected
  • map out the attack
  • document the cyber kill chain
  • pattern discovery
  • timeline of the attack and life cycle of the data breach
  • profiling of insiders involved
  • profiling of external parties – suspects
  • summary of attack vectors
  • document mistakes, accidents or misuse by staff or vendors
  • was this a targeted attack by malicious operators?
  • identify the attackers
  • determine the tools and methods used
  • status of the Intrusion Prevention / Detection System
  • observation of suspicious behavior
  • analysis of log files
  • collection of breach-related data
  • conduct interviews with staff and vendors
  • document all discoveries
  • how will you inform the affected parties?

Who are the targets for this type of cyber attack?

Essentially anybody who hosts a substantial amount of data, online and/or offline, can become the victim or target of a data breach. Common candidates for data leaks are:

  • banks and financial institutions
  • legal firms
  • consulting agencies
  • most business corporations, but typically major corporations are prime targets
  • big hotels
  • businesses of specific importance
  • defense industry
  • computer data centers
  • governments
  • hospitals, medical facilities
  • healthcare organizations
  • social media companies
  • VPN providers
  • ISPs – Internet Service Providers
  • telecoms
  • cloud storage services

There is a good historical overview of major data breach incidents here. Do take note that many data breaches are never reported, because of confidentiality issues and probably regulatory requirements.

Why do a data breach investigation?

  • prevent future data breaches
  • understand what can be done with the stolen information
  • future risk mitigation and remediation
  • minimizing the current and future losses
  • a successful containment strategy
  • 100% disaster recovery
  • a proper post-attack recovery
  • a good explanation to your customers about the data breach