GRA found the source of a hack on a major telecom company’s databases. We advised the company’s board to disclose the breach and implement a brand-new security system. The outcome: a reputation preserved.
Hackers broke into restricted areas of a major telecommunications company, exposing reputational and professional risks. The company needed to know the full extent of the crisis.
The company’s executives engaged GRA to analyze the threat landscape and to forecast potential damage scenarios. We were then asked to present our findings and recommendations to the board, which was composed of former senior members of the US government. GRA’s initial risk assessment first located the genesis of the breach at one of the company’s offshore server farms. But then, after we traced the hackers’ approach, we discovered that the breach had actually begun in the company’s finance department. A finance manager had been accessing historical information to run internal audits and financial reviews without the guidance of a systems administrator or information security officer, and had inadvertently left open a gateway for the breach. We presented our analysis to the board and offered recommendations to minimize fallout, including the decision to internally disclose the breach. Initially, several board members strongly opposed the disclosure.
Based on GRA’s strategic counsel, the board voted to disclose the breach, to approve new risk-mitigation measures, and to allocate millions of dollars to implement new security procedures.