Data leak investigations

for a financial institution

A newspaper publishes confidential client data from an international financial institution. The financial institution finds itself confronted with a wide variety of immediate and far reaching longer term consequences. It’s key in these situations to swiftly trace the origin of the leak. If the institution is able to do so, it, however, still faces a lot of questions that need to be answered at short notice. The information could be stolen or even leaked by an insider or whistleblower that wants to (continue to) share perceived misdoings of the organisation in public.

In such situations, Signpost Six consultants are brought in after the “unlawful act” on the “road to derailment” has been occurred/been conducted. The institution will need to find out with which of the scenarios its dealing with and the appropriate activation of its crisis or incident management plan. Our consultant(s) will support the crisis team providing investigations and assessment to answer pressing and immediate questions like:

  • What are the subjects’ motivations? Are his/her claims truthful?
  • What can we expect from the ‘subject’ going forward?
  • What risk does s/he pose going forward? Is there any other risk, or any other data s/he could share? Is there a risk of further escalation?
  • What strategy should the institution use in managing the risk? How can they de-escalate? And especially what steps need to be taken internally (organisationally but also potentially in relation to his/her claims)


Learning and prevention

The impact for the institution can in such cases be significant. Client trust is considered a cornerstone in business relationships and therefore the economic and reputational damage can be extensive. It is important to understand how the institution and the subject arrived at this point, particularly when the suspect turns out to be an insider. The critical path to derailment is a helpful tool here. What factors played a role in his/her ultimate decision to leak the data?

Signpost Six reviews the complete pathway from personal predispositions, to stressors, behavioural cues, organisational responses and the so-called crime script. What indicators were red flags early on? We review the personal, environmental and situational factors involved and advise organisations on appropriate measures to prevent further malicious activities taking place. This can entail, for example, installing a threat assessment team within the organisation, the setup of appropriate channels to voice concerns (e.g. whistleblowing procedures) and awareness programmes for supervisors and co-workers to understand and act upon indicators on the work floor.