Case Study #2 – One Large Company, Many Stolen Identities

We were recently retained to investigate a large security breach in the United States in which all of the employees' personal information was stolen, including names, dates of birth, bank account information, Social Security numbers and the employees' W-2 forms. From there, false returns were filed with the IRS, bogus loans, including student loans, were applied for, and bank accounts were drained.

The first part of the investigation dealt with identifying who had access to the information that was stolen. You can't steal something you don't have access to. The access had to come from an external breach, likely through the firewall; an internal breach by an employee or contractor; or disclosure by a third-party vendor who handles your information. All of the scenarios were thoroughly investigated.


Firewall logs, as well as all external access by contractors (VPNs), were reviewed. Although we did not rule out an external breach at the time, there was no evidence to suggest that the breach occurred in this way. Even if that were the case, the information that was stolen was kept encrypted on a separate server that only a select few employees had access to. This led us to focus our efforts on areas that were more likely to be the source of the breach.

We then looked at all employees who would have had access to this information, prioritizing disgruntled employees first, then employees who had recently left the organization, and then all other employees, including those in Information Systems and Senior Management. We were able to eliminate this group as the source of the breach. Coincidentally, while we were conducting this portion of the investigation, information came forward concerning a third-party vendor who had been breached, and this information became publicly known. We were able to connect the information taken to the information that the third-party vendor held and, with some additional analysis, conclude that the breach occurred there.


The other part of our task was to mitigate, as best we could, the impact on the employees whose information was stolen and used to set up false loans and alternate identities.

Our staff was able to respond rapidly to identify where the breach had occurred, put changes in place to prevent additional employees from being compromised, notify those who had been affected and restore systems in a secure manner.

Our staff acted quickly and efficiently to minimize the damage to both the employees and the company. Please contact us for a free consultation.