Data breach investigations analyse an organisation’s application and network data to identify cyber security incidents. Once determined a data breach has occurred, investigators will seek to establish its cause and implement any necessary remedies. The objective of a data breach investigation is to answer these questions:

• Did a data breach occur?
• How severe, and what is the extent of the data breach?
• Which application or network data type was compromised?
• Are there any remaining threats that require to be isolated and eliminated?
• Is the breach indiscriminate, accidental or targeted?
• Who is responsible for the breach (if possible) and what is their motive?
• How to prevent future breaches and close security gaps?

Investigators will provide a report outlining recommended remediation works, appropriate steps to prevent future breaches and evidence for compensation claims.

Cyber security incidents that compromise critical and sensitive data can result in significant financial loss and reputable damage. Malicious attacks usually focus on the theft of customer, employee and company data including personal identification, health and financial records, intellectual property, business intelligence and commercial agreements.

As a result customers, employees and suppliers all can become unsuspecting targets of the same malicious actors that executed the original cyber attack. Undetected data breaches may lead to:

• Additional cyber attacks that render an organisation unable to function
• Loss of competitive advantage due to data leakage of intellectual property and business intelligence to competitors
• Supply chain disruptions as suppliers investigate and mitigate their own cyber risks and attacks
• Customers experiencing identity theft and fraud after personal data is sold on the dark web

Data breach investigations allow investigators to take immediate action to identify and isolate current threats. It enables an organisation to:

• Implement recommendations provided by investigators
• Prevent and mitigate future cyber incidents ensuring business continuity
• Re-instill customer and employee confidence
• Seek compensation through insurance claims and legal action

Cyber security specialists should be employed to investigate data breaches for the following incidents:

• Hacking attempts and intrusions with the intent to take over and/or disable networks, access accounts or identities, steal trade secrets and/or intellectual property or delete data
• Phishing, brute-force access, virus and ransomware attacks
• Office 365/Cloud service breaches involving mismanaged credentials or sophisticated user identity password and permissions-based targeting
• Self-propagating extortion attacks including ransomware, malware and virus outbreaks
• Code injection attacks and crypto-jacking where code is stored on computers, websites, servers, etc. to perform unauthorised tasks including crypto-mining 
• Suspected insider threats or thefts involving internal staff accessing, compromising, sharing or selling data
• Human error or accidental exposure over the internet leading to leakage of sensitive or protected data 

• Data lost in transit due to copying on external devices, or due to failure to appropriately dispose of, or clean decommissioned data carrying devices