How a private equity firm manages PCI DSS compliance with Enterprise Recon

Industry: Financial Services
Challenge: With millions of customers around the globe trusting the firm for investing and financial management, the company wanted to ensure all personally identifiable information (PII) and payment data were being managed correctly and securely.
Results: Within the first quarter of scanning with Ground Labs’ Enterprise Recon, the private equity firm identified millions of instances of sensitive information dispersed across its digital ecosystem.
Key Product: Enterprise Recon PII

The private equity sector has always been a powerful engine for growth, driving innovation and expansion across a wide range of industries.
Rapid digital transformation and an increasing reliance on data-driven decision-making are reshaping how these firms operate, manage their portfolios and create value for their investors.
Investors trust these entities with vast amounts of sensitive information, including financial records, personal data, strategic plans and proprietary data.
The challenge
A private equity firm managing investment information for millions of customers
A global private equity firm headquartered in Hong Kong invests in capital markets, hedge funds, private equity, and real estate, in addition to providing tailored trust, fiduciary, fund and corporate services.
With millions of customers around the globe trusting the firm for investing and financial management, the company wanted to ensure all personally identifiable information (PII) and payment card industry (PCI) data, including credit card numbers, were being managed correctly and securely.
The firm needed to protect itself against data breaches and ensure it was meeting Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.
The journey
The search for a PCI DSS compliance solution
With millions of customers across multiple brands, the firm needed urgent help achieving PCI DSS compliance. PCI DSS compliance is critical for businesses handling credit card numbers in order to protect customers from payment card fraud.
Hackers are highly motivated to steal credit card data. If they gain access to sensitive data including primary account numbers, cardholder names and authentication codes, hackers can impersonate the cardholder, use the card to make purchases and even steal the cardholder’s identity.
If a data breach occurs and hackers gain access to the private equity firm’s customers’ credit card data, the firm could suffer significant financial and reputational burdens. Customers lose trust in businesses after data breaches, and the costs of this add up.
To protect sensitive data and maintain customer trust, the private equity firm needed a solution to help it accurately, quickly and easily identify where credit card data, payment information and other PII were stored, enabling the company to remediate and protect sensitive data against compromise.
The company turned to Ground Labs for help scanning and identifying cardholder data across its network.
The solution
Ground Labs’ Enterprise Recon helps maintain PCI DSS compliance
Because the firm handles such a high volume of customer credit card data and PII, the team faced a significant challenge in finding where all that data was being stored. It decided to partner with Ground Labs and now relies on Ground Labs’ award-winning Enterprise Recon software to meet and maintain PCI DSS compliance.
The company uses Enterprise Recon PII to find where credit card numbers and PII are stored within both structured and unstructured data sources, including Windows File Servers, Exchange Server, O365, SAP and Endpoints.
After scanning, Enterprise Recon PII allows the team to view and analyze where this sensitive data resides and immediately contact the owners to take action.
Ultimately, Enterprise Recon PII provides a blueprint of the sensitive data storage locations across the organization, allowing the firm to ensure on an ongoing basis that it is not storing any credit card numbers or other PII unnecessarily, and when necessary, that the company is storing them securely to protect sensitive consumer information.
Enterprise Recon identified millions of instances of unsecured sensitive data in the firm’s ecosystem.
Within the first quarter of scanning with Ground Labs’ Enterprise Recon, the private equity firm identified millions of instances of unsecured sensitive information dispersed across its digital ecosystem. Enterprise Recon’s delegated remediation feature enabled the company to assign data and system owners to address the risk using its built-in remediation tools.