Fri, Nov 27, 2020

Global Processes With Local Support Help a Canadian Company Manage a Data Breach

Kroll’s data breach notification team was engaged to assist an organization who had experienced a large data breach affecting millions of its Canadian customers.

Client Problem

The full extent of the breach, including number of exposed records and type of personal information that had been breached, was under investigation when Kroll was engaged. Contact information was believed to be incomplete for a significant amount of those potentially affected. In order to comply with Canadian data privacy and security authorities,  the affected organization needed to act fast to identify and alert those impacted. 

The wide geographical area , often rural in nature, made conventional mail notification particularly challenging. A network of client vendors and partners of the organization, who were also believed to be impacted, added an additional layer of complexity for the organization’s notification strategy. Further, the client kept government authorities abreast of developments in near-real time to ensure that the proper regulations were being followed, as they were mindful of their regulatory, commercial and customer responsibilities. 

Being unacquainted with the aftermath of a data breach, the client was concerned its employees might be overwhelmed with incoming calls from customers and that day-to-day business operations would be hindered.    

How Kroll Resolved the Problem

Prior to a public announcement, our experts devised a multi-layered strategy to support the organization while providing a defensible response in collaboration with counsel. Kroll had a combination of tactics in place including: 

  • Extended and flexible call center hours 
  • An intelligent IVR, able to route escalations back to the proper client channels based on need  or customer inquiry
  • Unique FAQs for multiple customer segments

As the announcement spread through the media, call volume and response data were reported to the client twice daily, allowing their internal breach team to monitor caller concerns over time. Call center FAQs were updated as more information became available during the forensic investigation, allowing the client to adjust their communications strategy in near-real time.  To assist reaching as many impacted individuals as possible, a second round of electronic notices was sent to those who hadn’t yet activated their monitoring services. Kroll’s call center agents were ready to address their unique circumstances, and the client was able to show they employed multiple methods of notification.

For many in the impacted population, this was the first time their personal information had been compromised in a data breach, leading to questions about personal fraud and identity theft. Kroll’s experienced agents relayed information about the identity monitoring support the client was providing, including dark web and credit monitoring, identity theft insurance and fraud assistance. 

Brian Lapidus
Outcome 

Kroll was able to leverage its experience and expertise to ensure a smooth breach notification implementation, seamlessly collaborating with the client and outside counsel as new challenges occurred to deliver positive results to both those impacted and the client itself.

Watch Brian Lapidus, Managing Director and Global Identity Theft and Breach Notification Practice Leader of Kroll’s Cyber Risk practice, recount this case and how his team was able to provide triage for the affected organization.



Cyber and Data Resilience

Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.

Identity Theft and Breach Notification

Services include drafting communications, full-service mailing, alternate notifications.

Identity Monitoring

Kroll’s unique combination of identity monitoring services can detect more types of identity theft than credit monitoring alone, providing practical help to combat identity theft and fraud.


Data Breach Call Center Services

A notification letter can generate lots of questions for those affected by a data breach. Kroll’s call center services are provided by skilled representatives who know how to handle difficult questions and stand at the ready to serve your breached population.

Identity Theft Restoration

Kroll provides your breach population with direct access to investigative experts for live support and best practice advice, as well as identity restoration should they become victims of identity theft.

Credit Monitoring

Credit monitoring can be a powerful tool to offer in the wake of a data breach. Kroll provides a monitoring alert system that’s backed by the expertise of our licensed investigator team.