Reducing the Costs and Complexities of a Global Data Breach

A leading relocation and moving services provider was hit by a third-party data breach that impacted over 1 million people around the world. Kroll’s combination of breach notification expertise and patented technology streamlined the entire notification process and delivered unique solutions that enabled the company to meet its multi-jurisdictional breach notification responsibilities.

The Challenge

A global relocation and moving services provider was impacted by a third-party data breach event affecting data owners in jurisdictions around the world, and more than 1 million individuals. With multiple locations serving over 100 countries and many Fortune 500 clients, the company was under intense pressure to manage and minimize the potential damage resulting from the incident. The company also needed to identify how best to meet its many regulatory obligations, with differing requirements for each territory. The extent of the breach meant that full remediation would take over a year, presenting further challenges for the business.

Kroll’s Solution

Kroll worked closely with the company to complete the many critical actions required following the discovery of the data breach. By optimizing notification speed and deliverability, reducing unnecessary notification costs and helping safeguard its reputation, Kroll significantly reduced the administrative demands on the company and its clients. Kroll’s third-party breach management platform, Kroll Notification Navigator (KNN) was critical in achieving this. This patent-pending platform streamlines the process of notifying third party entities about a data breach, so that they can easily access their data, review the proposed notification, speak directly to experts with insight into the breach, then make an informed choice about opting into the notification service. As a result, KNN successfully reduced the risk of human error and minimized the impact of the incident as much as possible.

The Impact

Over 1 Million Individuals Notified

Kroll worked with the company and their legal counsel to draft a personalized, plain-language communication that provided clear and relevant information about the data breach event and the solutions being offered. These were then segmented by jurisdiction to address unique regulatory stipulations, with delivery routes optimized to required deadlines. Kroll’s unique insight and proprietary technology ensured that 150 different physical and email notice versions were created and sent to more than 1 million impacted individuals around the world.

Bespoke Opt-in Solutions

The global scale of the event demanded a tailored approach to managing opt-in requirements and deadlines. Kroll addressed these nuanced requirements by launching three separate KNN portals and identifying unique solutions to support the 24/7 needs of data owners and impacted individuals.

Sensitive Data Securely Transferred

The business initially faced the daunting prospect of having to transfer sensitive data for the 1,000+ data owners affected by the breach. Being fully trained in secure data handling, Kroll’s breach response teams were able to facilitate the high-volume data transfer process securely and safely.

Multi-Jurisdictional Responsibilities Met

Kroll successfully addressed the extra burden posed by the global nature of the data breach by identifying unique solutions within KNN that would support the 24/7 needs of data owners and impacted individuals. This meant the business was able to fully meet its multi-jurisdictional breach notification obligations, ensuring that the right information reached the right people at the right time.

Discover Kroll’s Breach Notification Services