An Auto Dealership Chain Client contacted Winquest (at 5:00 PM on a Friday afternoon) to request Incident Response support to recover from a major data breach. The Client contacted the State Police, the FBI and their insurance company after the credit reporting agencies suspended the ability to pull credit reports due to unauthorized use of the Client systems. The insurance company laid out the qualifications required to hire an incident response company and Winquest met those requirements (the Client’s Information Technology (IT) support company did not and referred the Client to Winquest). While the Client was gaining approval to hire us, Winquest personnel were alerted and preparing to deploy to the Client site.
Upon arrival at the Client site, the Winquest Incident Response Team (IRT) confirmed the scope of operations with executive management, conducted interviews and quarantined the systems that were suspected of compromise. Those systems' hard drives were copied for analysis and the originals were bagged and tagged as evidence for FBI use. The IRT met with the FBI team and received high praise from the Special Agent leading the FBI investigation.
Winquest analysis discovered that a zero-day vulnerability had been used to gain access to multiple Client systems, and that this access had been used to pull credit reports. Winquest personnel were able to remove the malicious code responsible for the breach, scan the Client network, certify the system was free of the malware that caused the incident and help the Client meet the credit reporting agencies' security requirements. Once the requirements were met, the Client was able to resume accessing credit reports.
At the conclusion of the IRT mission, the Client and Winquest executed a Service Level Agreement to continue support via quarterly vulnerability assessments, employee awareness training and Policies and Procedures development and implementation.