The challenge
An airline managing payments for thousands of businesses
In 2020, a domestic multinational airline based in Europe suffered a significant data loss. A highly sophisticated cyber-attack affected personal and cardholder data from approximately 9 million of the airline’s customers – both a major issue for the customers and a reputational problem for the brand.
The journey
The search for a PCI DSS compliance solution
The airline was storing cardholder data across a variety of servers, databases, and other locations, including O365, OneDrive, Notes, Teams, Forms, Azure, SharePoint online, Hadoop HortonWorks & Cloudera, and AWS Glacier.
With millions of customers, the company needed urgent help achieving compliance with Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance is mandatory for businesses handling credit card numbers due to a heightened number of data breaches, to protect customers from credit card fraud.
Hackers are highly motivated to steal credit card data. If they gain access to sensitive data including primary account numbers, cardholder names and authentication codes, hackers can impersonate the cardholder, use the card to make purchases and even steal the cardholder’s identity.
If a similar data breach occurs again and hackers gain access to additional customer credit card data, the airline could suffer further financial and reputational losses. Customers lose trust in businesses after data breaches, and the costs of this add up.
To protect sensitive data and maintain customer trust, the airline needed a solution to help it accurately, quickly and easily identify where its credit card data was stored, enabling the company to remediate and protect the sensitive data before any future compromise.
The airline turned to Ground Labs for help scanning and identifying cardholder data across its network, with the ultimate goal of becoming PCI DSS compliant within a year.
The solution
Ground Labs’ Enterprise Recon helps airline maintain PCI DSS compliance
Because this airline handles such a high volume of credit card numbers, the team knew it had a monumental task ahead to find where all that data was being stored. In 2020, it decided to partner with Ground Labs and now relies on award-winning Enterprise Recon to meet and maintain PCI DSS compliance.
The company uses Enterprise Recon PII to find where credit card numbers are stored within its structured and unstructured data sources – including files, databases, emails, cloud, big data and more. After scanning for credit card numbers, Enterprise Recon PII allows the team to view and analyze where sensitive data resides and immediately contact the owners to take action.
Ultimately, Enterprise Recon PII provides a blueprint of the social security and credit card number storage locations across the organization, allowing the airline to ensure on an ongoing basis that it is not storing any social security or credit card numbers unnecessarily, and address any vulnerable or unauthorized data stores. It ensures that the company can securely store and protect the sensitive information of its customers.
Enterprise Recon identified 60 million credit card numbers in the airline’s ecosystem within the first quarter of deployment.
Within the first quarter of scanning with Ground Labs’ Enterprise Recon, the airline identified over 60 million card numbers dispersed across their digital ecosystem. Enterprise Recon’s delegated remediation feature enabled the airline to assign multiple teams to address the risk using Enterprise Recon so this massive undertaking didn’t fall solely on the shoulders of IT.
