Determining the Scope of a Data Breach
One of the first steps that should be taken by any organization facing a data loss – whether that company has an incident response plan in place or not – is to get an explicit sense of scope. What happened? When? How many records were lost?
Properly determining the scope of a data breach can save you a lot of time and even more money when compared to the alternative. Consider these two case study briefs, taken straight from Kroll experiences:
1. A financial firm was attacked by a computer virus that accessed a system maintaining the records of 180,000 investors. Kroll’s forensic investigation and reverse engineering of the virus concluded that only 13,000 of the investors’ records were targeted.
Imagine the repercussions if all 180,000 customers had been notified that their data was compromised, when only a fraction was truly at risk.
2. When Kroll was called in to investigate a data loss at a healthcare facility, its investigation revealed that the lost laptop in question was not actually lost but in a drawer, untouched.
In this instance, Kroll’s investigation saved the facility money AND reputation in the community; credibility may truly be called into question by announcing you lost a laptop … and then found it.
Whether an organization conducts computer forensics or physical examination of offices and storage facilities or BOTH, demand certainty as a result of the investigation. When compelled by breach notification laws to advise impacted individuals about an unintentional data exposure, you can’t afford the risk that comes from either:
1. Overlooking people who’ve been affected and NOT notifying them, OR
2. Telling someone their personal information has been lost when it really hasn’t.
Appropriately measuring the true scope of a data loss incident is key to making sure you deliver the right message to the right audience at the right time.