How an Australian utilities provider achieved privacy compliance with Enterprise Recon

Industry
Utilities
Challenge
Following a data breach, an Australian utility provider needed a way to identify and secure customers’ personal data (PII).
Results
With Enterprise Recon deployed, the utility company could identify and manage personal information and credit card data wherever it was stored in their systems, enabling them to achieve compliance with PCI DSS and the Australian Privacy Act.
Key Product
Enterprise Recon PII, Enterprise Recon PCI

The utilities sector has always been central to society, part of national critical infrastructure and providing essential services that keep homes and businesses running smoothly.
Utility companies are increasingly collecting and sharing vast amounts of customer data, including account details, billing information and usage data.
Customers rely on these businesses to safeguard their data, ensuring privacy and security while maintaining the seamless delivery of essential services.
The challenge
A utility provider managing data for hundreds of thousands of residents
The company provides drinking water in Australia and also collects and treats sewage. As a government-owned entity servicing a region of over 500,000 people, the utility company is responsible for a large volume of personally identifiable information (PII) and payment card industry (PCI) data, including credit card numbers.
After suffering a data breach – both a major issue for the customers and a reputational problem for the brand – the utility company began searching for a solution to help it identify where its customers’ personal information (PII) and payments data were being stored.
The journey
The search for a PCI DSS compliance solution
With millions of customers, the company needed urgent help achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) and addressing the security failings that led to the data breach.
PCI DSS compliance is mandatory for businesses handling credit card numbers. With a heightened number of data breaches, it exists to protect customers from credit card fraud. Hackers are highly motivated to steal credit card data. If they gain access to sensitive data including primary account numbers, cardholder names and authentication codes, hackers can impersonate the cardholder, use the card to make purchases and even steal the cardholder’s identity.
In addition, if a data breach occurs again and hackers gain access to additional customer PII, this utility provider could suffer further financial and reputational burdens. Customers lose trust in businesses after data breaches, and the costs of this add up.
To protect sensitive data and maintain customer trust, the utility provider needed a solution to help it accurately, quickly and easily identify where PII and PCI data was stored, enabling the company to remediate and protect the sensitive data before any future compromise.
The company turned to Ground Labs for help scanning and identifying PII and cardholder data across its network.
The solution
Ground Labs’ Enterprise Recon helps discover sensitive data across the network
Because this utility company handles such a high volume of personal information, the team knew it had a significant challenge ahead to find where all that data was being stored. It decided to partner with Ground Labs and now relies on award-winning Enterprise Recon to maintain ongoing awareness of where sensitive data is stored.
The company uses Enterprise Recon PII and Enterprise Recon PCI to find where credit card numbers and PII are stored within both structured and unstructured data sources, including files, databases, emails, cloud, big data and more. After scanning, Enterprise Recon allows the team to view and analyze where sensitive data resides and immediately contact data and system owners to take action.
Ultimately, Enterprise Recon provides a blueprint of the storage locations hosting PII and payments information across the organization, allowing the company to ensure that it is not storing any sensitive data unnecessarily, and that it is storing essential data securely to protect its customers.
Enterprise Recon identified millions of instances of unsecured credit card data and personal information across the network.
After beginning the scanning process with Ground Labs’ Enterprise Recon, the utility provider identified millions of instances of customer credit card data and PII across its network. Enterprise Recon’s delegated remediation feature enabled the utility provider to assign multiple teams to address the risk, supported by its in-built capabilities to mask, encrypt, quarantine and delete data.