Cyber Attack

Sophisticated cybercriminals hacked into a $500 million technology company, holding its accounting data and backup records for ransom while bringing business operations and services to a stand-still.

Several problems were created simultaneously by the hack:

  • While the company had cyber insurance and paid the ransom, they were still not able to access all of its data after it was paid. Because the hackers gained access to the data through a new software system the company was in the process of implementing, a manual process of recouping the stolen information needed to be developed.
  • Once the stolen data was accessed, two months of records were still missing that needed to be recreated manually through emails, handwritten ledgers, check copies, vendor records and revenue and bank statements in an auditable format.
  • Recreating and recovering the stolen and lost data was extremely time-consuming and cost the company in terms of lost productivity, overtime hours to address the issue, staff turnover because of increased workloads and lost business. These losses prompted an insurance claim for loss of continuity and business disruption.

Blythe Global received the client’s call for help late on a Friday afternoon and its Cyber Attack Recovery “SWAT team” sprang into action. Working closely with the company’s CFO and controller, BGA helped the company develop a plan to recreate the accounting records and to get back up and running. In addition, the team compiled information about the extent and the scope of the breach to support the client’s insurance claim for lost revenue and other costs associated with the data breach and presented it to the insurance company. Blythe Global brought a diverse skillset and a hands-on approach to help the client rebuild its dataset and liaise with the clients’ auditors (Big 4 accounting firm) to ensure the records were compiled accurately and quickly. Armed with a proven effective post-cyber attack checklist, the BGA team launched a rebuild protocol that included creating a detailed events timeline, confirming the breach was isolated, retrieving financial statements and working with staff and partners to identify losses and costs.

With financial data restored and an accurate accounting of damages caused by the hack, the company was able to resume operations and recoup its losses.