Outcome

Important data for an incident response project preserved during a hurricane

Situation

  • A company in the Atlanta area suffered a data breach and needed digital forensics and incident response services (“DFIR”) as soon as possible.
  • They needed to identify the extent to which unauthorized data left the company, how many users were impacted, and whether or not it was part of a larger attack.
  • Unfortunately, the timing could not have been worse because Hurricane Matthew was making landfall in Florida and Atlanta had turned into an evacuation zone.

Impact

  • The company needed to preserve important evidence and gather the facts as quickly as possible in order to comply with its breach notification obligations.

Resolution

  • Two hours after the initial phone call, a forensic analyst from TCDI was on his way to the airport to catch a flight to Atlanta. In the meantime, the administrative team relentlessly searched for a hotel and rental car during a time when almost everything in the area was already booked due to the area being an evacuation zone.
  • The TCDI analyst arrived that night and got the last reservation at a hotel 40 minutes outside the city. The data was preserved the next day and brought back to the Cleveland office for the analysis.  The analysis was completed on an expedited schedule so that the client had all of the facts surrounding the data breach before the deadline.