Case Studies

SunBlock Systems Clarifies a University’s Obligation to Notify a Cyber Breach

The Client:

The Law school of a well know New England university

The Scenario:

A well-known law school’s backup server had been compromised overnight and unknown data had been transmitted from the system. The backup server housed data from all of the law school’s systems including personally identifiable information (PII) for past and present students, faculty and staff as well as other financial data. The school was facing the prospect of notifying all of its students, faculty and staff that their personal information may have been compromised.

The Investigation:

SunBlock experts were brought in to assess the situation, determine what data had been lost and to provide information to our client so it could meet its disclosure obligation. The only piece of information available about the compromise was the approximate size of the data sent from the compromised server. No logs or other information were available so that the school could assess its liability. Using our forensic skills and extensive systems expertise, the SunBlock team narrowed the potential breach to a small set of backups and further narrow the potential disclosure of PII to less than 10 individuals.

The Benefits:

The client was able to avoid the embarrassment of a large scale data breach. Damages resulting from the breach were limited to providing credit monitoring for a handful of individuals instead of potentially thousands. In addition, the client uncovered several unknown security issues that could have resulted in future loss or compromise of private data and intellectual property.