30 Apr 2020

Cyber breach risks 05: Data Breach Reporting

Deepak Pillai takes you through the basics of data breach reporting – what could be taken, and how to approach the task of identifying and classifying the breached data.


Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.


A cyberattack doesn't always result in a data breach. Cyber attackers generally have different reasons for infiltrating a system within an organisation and this might be because they are trying to install some ransomware or they are trying to collect the information from the organisation. If a cyberattack does result in a data breach, there are a few requirements that a client has to undertake to notify relevant customers and the regulatory bodies about what information was actually breached in that cyberattack.

Generally when a data breach occurs an attacker might take either one of two sets of information. The first set of information being structured data that is stored in your databases. This type of information is nicely organised within a database and the attackers can easily identify the information that they need to take. When you are looking at a cyberattack that has extracted information from your database, generally you will require some skill sets to help identify what type of data is actually stored in that database. Secondly if an attacker takes that data you need to understand was it the whole database or was it just components or certain records that were taken.

The second type of data that an attacker can potentially take from an organisation is unstructured data and this type of data encompasses such things as emails, documents, videos, images and other information that might not necessarily be stored in a structured manner. Trying to identify if this particular information contains personal information is quite a difficult task. We have helped clients identify the type of information stored in these documents through the use of machine learning and AI tools. In one particular example we were able to use an image analysis tool to identify if the type of images were pictures of a passport or a driver's licence. Using that in combination with some workflow tools and people manually reviewing the actual documents, we were able to extract all the information that was stored on these documents and build up a customer database that allowed us to identify which customers were affected and what type of information was actually breached. This was then used to help in the notification to the relevant regulators but it was also used in the call centre for when the customers were notified and they started ringing to try and identify what type of data of theirs was actually taken. The call centre staff found it quite useful that they could just reference the customer details and then understand if it was either a database record or if it was such things as an image of their passport that was actually extracted.

A lot of this data breach identification requires quite a bit of effort and the requirements from the data breach notification legislation only allow a short amount of time to complete this analysis. We have been able to help our clients identify this information through a combination of technology, workflow tools and review staff on board to be able to get all this information in a structured format that our client can use for relevant notifications.