FTI Consulting Investigates Unintentional Data Disclosure for a Large U.S. Municipality
June 01, 2023
After a high-profile unintentional disclosure of personal data, a large U.S. municipality had to understand what happened and communicate the situation to impacted stakeholders.
The municipality launched a data visualization dashboard that published criminal justice data, which was intended to improve transparency. Due to improper security configurations, the public was able to download the full data set for a day, which included the confidential personal data of more than 190,000 individuals. FTI Consulting was engaged by outside counsel to conduct an independent review of the data disclosure.
- FTI Consulting’s Cybersecurity, Data & Analytics and Technology teams assisted in conducting a forensic investigation.
- FTI Consulting virtually recreated the dashboard servers to determine what data the public could obtain, analyzed logs to quantify how many downloads occurred, conducted cross-correlation analysis of the available data sets and interviewed staff to understand the incident.
- The teams provided the municipality and the public with an overview of what led to the unintentional data breach.
- The FTI Consulting team determined that insufficient internal reviews and a lack of cybersecurity and technical training led to failures.
- FTI Consulting outlined a list of recommendations in the final report, including enhancing training and developing a detailed data incident plan with clear protocols and responsibilities.
- The municipality committed to implementing all recommendations from FTI Consulting.