Cyber resilience strategy, framework review and incident response training.


Issue

An emerging FinTech company engaged Crowe to deliver a number of projects designed to increase their resilience to cyber threats in order to comply with strict regulations set by the Financial Conduct Authority (FCA), and to help the client with their wider objective of becoming a listed entity.

Approach

Crowe’s forensic team examined email chains related to inbound payments and performed advanced forensic analysis on audit logs and employee mailboxes. The investigation revealed that an ex-employee’s email account had been compromised and that emails had been sent from spoofed domains, impersonating legitimate employees at both our client and the vendor. The hacker used inbox rules to manage communications through the Deleted Items folder or a controlled Gmail account.

Once Crowe determined that the mailbox had been compromised, the team helped to identify what personal data may have been impacted. The mailbox included 81,254 emails, of which 26,709 were responsive to Crowe’s search terms. Within the 26,709 files, Crowe identified personal information belonging to 291 individuals. The data associated with these 291 individuals was sensitive and included names, mobile numbers, email addresses, bank account numbers and sort codes, National Insurance numbers, salary, next of kin, next of kin contact details, passport details and login details for various websites.

Outcome

The client was provided with a comprehensive suite of deliverables, which helped them to demonstrate to the FCA that they were appropriately assessing and managing cyber risks.

In addition to providing the client with frameworks and policies to use moving forward, Crowe also provided practical recommendations to implement on a technical level to ensure their systems and networks were as robust as possible when the time came for them to become a listed entity.