Navigant is an expert services firm that assists clients with data breach and trade secret theft investigations by quickly analyzing evidence to assess the scope of the incident, identify compromised data and systems, and help clients address legal and regulatory requirements to resolve the matter. They have experience investigating hacking incidents, employee theft of trade secrets, and other data breaches to determine how the theft occurred and what information was accessed in order to mitigate risks and impacts for clients. Navigant takes a multi-phase approach to investigations that includes collecting evidence, analyzing the scope of the incident, and advising clients on notification, regulatory responses, damages, and strategies to prevent future incidents.

1. D I S P U T E S & I N V E S T I G AT I O N S
Illuminating the Impact
Data Breach and Theft of Trade Secret Investigations

2. About Navigant (NYSE: NCI) is a specialized,
global expert services firm dedicated to assisting clients in
creating and protecting value in the face of critical business
risks and opportunities. Through senior level engagement with
clients, Navigant professionals combine technical expertise in
Disputes and Investigations, Economics, Financial Advisory and
Management Consulting, with business pragmatism in the highly
regulated Construction, Energy, Financial Services and Healthcare
industries to support clients in addressing their most critical
business needs. Navigant has offices in over 43 cities in North
America, Europe and Asia.
As headlines constantly confirm, organizations of all types and sizes
are being targeted for the information kept within their computer
systems. Valuable data and records can be accessed through a lost
laptop, a burglarized back-up tape, misappropriated computer code,
or a sophisticated hacking scheme. A rapid and decisive response
is critical to mitigating the legal, financial and reputational risks.
Navigant’s uniquely qualified global forensic team quickly preserves
and analyzes relevant evidence, assesses potential exposure, and
provides significant independent experience and innovative insights
into data breach and theft of trade secret investigations.

3. lead with experience.
expect results.
THE CHALLENGE THE CHALLENGE THE CHALLENGE
HACKER TARGETS UNIVERSITY EMPLOYEE THEFT OF TRADE COMPUTER THEFT
SECRET INVESTIGATION JEOPARDIZES PERSONAL DATA
THE SOLUTION THE SOLUTION THE SOLUTION
A California-based university had been the A global financial services firm needed A full-service, multi-state hospitalist company
victim of a foreign-based hacker. Navigant assistance in reviewing forensically-preserved became aware of the theft of a computer and
was engaged to collect evidence about the hard drives, network files, phone records, personal digital assistant from a locked office.
breach, ensure the breach was contained, and chat logs, Bloomberg e-mails, expense Navigant was called to investigate the data
investigate whether any confidential information reports, HR records, security access logs, breach implications associated with the theft.
about its students was disclosed. Our analyses URL activity, and key stroke logging software Our analysis was instrumental in notifying
identified the methods and hacking tools used for evidence of potential non-compliance by over 6,000 former patients that personally
to gain access, reconstructed the hacker’s certain former employees with non-compete, identifiable information (“PII”) and/or
activities inside the network, and isolated the non-solicitation, and partnership agreement protected health information (“PHI”) may
hacker’s location. We were able to confirm obligations. Navigant was engaged to conduct have been compromised, including names,
that no confidential university data was the review which also included extensive public Social Security numbers, dates of birth,
compromised. records research and targeted interviews. Our diagnosis codes, medical record numbers,
team assisted counsel with depositions, and similar information.
subpoena requests, legal strategy, and a
preliminary injunction hearing.
INFORMATION SECURITY & DATA BREACH REPORT
Navigant’s Information Security & Data Breach Report utilizes current information and data contained in news sources, press releases, government websites and
proprietary resources to identify insights and trends in the information security arena. This report is updated and published on a quarterly basis to spotlight major
breaches and answer questions about how these breaches occur. How is personal data being lost or stolen? How many people are affected? How long does it
take to report a breach? How much will it cost if your company loses personal information? If you would like to receive a copy of the current edition of Navigant’s
Information Security & Data Breach Report, and quarterly updates, please contact Kris Swanson at 312.583.5784 or kswanson@navigant.com.

4. Kris Swanson
312.583.5784
kswanson@navigant.com www.navigant.com
Our proven response methodology addresses the following phases.
INVESTIGATE ANALYZE RESOLVE
The investigative phase is critical in defining what Companies may not know initially what they have Finally, we offer services that help bring closure to
is known or knowable about the loss or theft, lost, but they appreciate the serious regulatory, an event and assist with conflict resolution by:
and charting a path to understanding how the reputational, legal and financial risks in play. Our » Advising on notification strategies and imple-
event occurred, who may be involved, and what team has extensive experience in forensically mentation
information to gather to assess intent. analyzing complex data and can quickly bring » Assisting with responses to regulatory inquiries
salient insights into focus. (e.g., FTC, Attorneys General, HHS OCR, DOJ)
Our seasoned professionals leverage deep computer
forensic, private investigative and data analysis Once the investigation identifies the potentially » Establishing decision models for claim adjudica-
expertise, and are skilled at navigating the relevant relevant individuals and data involved, Navigant tion or settlement
legal standards and privilege issues typically uses proven forensic and analytical techniques to » Providing expert damages testimony in defense
encountered during an investigation. uncover additional insights and further define the of legal actions brought by third parties, or to
scope of the event. Objectively analyzing the value support claims against third parties
The investigative phase may include: » Supporting clients in the preparation of insur-
of the lost data and consequential risks will help
» Interviewing relevant staff to determine the initial determine the remediation actions needed. ance claims to maximize recoveries
scope of the loss or theft » Providing management recommendations to
» Reviewing information technology systems to The analysis phase may include: mitigate the frequency and impact of future
identify data stores and preserving data for » Identifying the valuable data and systems that incidents
subsequent forensic analysis were compromised, and assessing the business
» Creating a “proxy” for what was lost or stolen, implications
and how it was likely compromised » Establishing the list of individuals or entities
» Conducting discreet public records and business who may need to be notified due to a breach of
intelligence research to gain knowledge about health and/or personal information
targets » Helping clients triage the most significant events
» Developing a timeline of business events to help that may influence the response plan
better inform and augment the investigation
©2011 Navigant Consulting, Inc. All rights reserved.
Navigant Consulting is not a certified public accounting firm and does not provide audit, attest, or public accounting services. See www.navigant.com/licensing for a complete listing of private investigator licenses.