A global medical device company operating across North America, Europe, and Asia experienced a significant cyber incident in late 2023. The breach compromised 2 terabytes (TB) of data, affecting 2 million (M) files and over 450,000 individuals. Personally Identifiable Information (PII) such as government-issued ID numbers, Social Security numbers (SSNs), passports, and national identifiers were stolen, leaving individuals across the globe vulnerable. In addition, Protected Health Information (PHI) — including treatment records, diagnosis details, and medical device numbers and confidential work-related information such as salary details, employee IDs, and tax data were exposed.
The scope of the attack on this HIPAA certified company extended across 20 global jurisdictions, each with its own regulations, timelines, and data privacy laws, adding layers of complexity that demanded a highly specialized approach. The multinational nature of the company meant that the stolen data required analysis and translation of dozens of languages to ensure accuracy and compliance.
This case study demonstrates how Actfore extracted 60 key data elements from nearly 2M files in 8 weeks carefully processing, marking up, and deduplicating the data to maintain the highest level of integrity of the final deliverable. About 18% of the files were responsive and included PII, PHI, and work-related information.
