Global Processes With Local Support Help a Canadian Company Manage a Data Breach Cyber

or to bookmark this page

Click here to bookmark this page

Click here to remove bookmark

Global Processes With Local Support Help a Canadian Company Manage a Data Breach

Canadian Data Breach | Cyber Risk | Kroll

Kroll’s data breach notification team was engaged to assist an organization who had experienced a large data breach affecting millions of its Canadian customers.

Client Problem

The full extent of the breach, including number of exposed records and type of personal information that had been breached, was under investigation when Kroll was engaged. Contact information was believed to be incomplete for a significant amount of those potentially affected. In order to comply with Canadian data privacy and security authorities,  the affected organization needed to act fast to identify and alert those impacted. 

The wide geographical area , often rural in nature, made conventional mail notification particularly challenging. A network of client vendors and partners of the organization, who were also believed to be impacted, added an additional layer of complexity for the organization’s notification strategy. Further, the client kept government authorities abreast of developments in near-real time to ensure that the proper regulations were being followed, as they were mindful of their regulatory, commercial and customer responsibilities. 

Being unacquainted with the aftermath of a data breach, the client was concerned its employees might be overwhelmed with incoming calls from customers and that day-to-day business operations would be hindered.    

How Kroll Resolved the Problem

Prior to a public announcement, our experts devised a multi-layered strategy to support the organization while providing a defensible response in collaboration with counsel. Kroll had a combination of tactics in place including: 

  • Extended and flexible call center hours 
  • An intelligent IVR, able to route escalations back to the proper client channels based on need  or customer inquiry
  • Unique FAQs for multiple customer segments

As the announcement spread through the media, call volume and response data were reported to the client twice daily, allowing their internal breach team to monitor caller concerns over time. Call center FAQs were updated as more information became available during the forensic investigation, allowing the client to adjust their communications strategy in near-real time.  To assist reaching as many impacted individuals as possible, a second round of electronic notices was sent to those who hadn’t yet activated their monitoring services. Kroll’s call center agents were ready to address their unique circumstances, and the client was able to show they employed multiple methods of notification.

For many in the impacted population, this was the first time their personal information had been compromised in a data breach, leading to questions about personal fraud and identity theft. Kroll’s experienced agents relayed information about the identity monitoring support the client was providing, including dark web and credit monitoring, identity theft insurance and fraud assistance. 

Outcome 

Kroll was able to leverage its experience and expertise to ensure a smooth breach notification implementation, seamlessly collaborating with the client and outside counsel as new challenges occurred to deliver positive results to both those impacted and the client itself.

Watch Brian Lapidus, Managing Director and Global Identity Theft and Breach Notification Practice Leader of Kroll’s Cyber Risk practice, recount this case and how his team was able to provide triage for the affected organization.

Other Areas We Can Help

Cyber Risk

Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk
Cyber Risk: The New Due Diligence Frontier, Identity Monitoring

Identity Monitoring

Identity monitoring services that can detect more types of ID theft than credit monitoring alone.

Identity Monitoring
Pre-Closing MAE/MAC to Post-Closing M&A Purchase Price Disputes

Identity Theft Restoration

Access to investigative experts for live support, best practice advice, and identity restoration.

Identity Theft Restoration
Credit Monitoring

Credit Monitoring

Holistic solution for data loss events, including facilitating access to credit reports and credit monitoring.

Credit Monitoring

Insights