Leaks of confidential information can have devastating consequences for an organization. Unfortunately, as our information networks become more all-encompassing, the opportunity for information leaks expands. When leaks occur, it is critical to accurately identify their source so that the organization can respond appropriately. A leak of sensitive information to the media orchestrated by a management faction hoping to unseat the CEO calls for a different response than a leak that occurred inadvertently due to inadequate information security practices. However, determining a leak’s source is often a delicate operation, requiring the navigation of legal requirements, employee protections and an organization’s internal political nuances.
Kroll’s Leak Investigations practice combines “hard” research, forensics, data analysis and cyber security expertise with equally essential “soft” capabilities in interviewing and understanding individual and organizational behavior. The result is a multifaceted approach, iteratively gathering information and refining hypotheses. We have helped companies around the world identify internal perpetrators, infiltrations by external parties, accidental leaks through employee error and cases where the “leak” did not involve a breach, but rather a third party piecing together publicly available information.
While it is essential to identify the source of a leak, a Kroll investigation goes further to provide an invaluable, real-world audit of the organization’s information-handling processes and behaviors.
Drawing on those insights, our extensive experience and knowledge of global best practices, we then work closely with the organization’s general counsel and leaders of information security, human resources and other functions to identify vulnerabilities and design solutions that range from installing monitoring software to strengthening policies governing employee social media accounts.
Case Study – Boardroom Leak to the Media Resulting in Share Price Fluctuation
Kroll was retained to investigate a leak of board level information to the media that resulted in share price fluctuation. We were asked to report to the chairman and non-executive directors, with a copy to the regulator. The issue was still “live” and was the subject of ongoing publicity in national press.
The team persuaded all relevant individuals to allow Kroll to image their personal and corporate phones and access emails to enable a full chronology of the relevant time period.
We then conducted forensic mapping of the evolving circle of knowledge of the key facts. This enabled us to identify errors in the journalist’s state of knowledge and cross reference with the state of knowledge of individuals in the institution. Careful and subtle interviewing of the relevant individuals was also carried out.
Our investigators identified the two people responsible for the leak through their inconsistencies and common errors with the journalist. As a result, the board member responsible left the business by mutual agreement and the regulator was satisfied that appropriate steps had been taken.