-Advisory Services

Data Breach Analysis

Our powerful analytics help identify and report on sensitive data.

Advisory Services

Data Breach Analysis

For Business Email Compromise (BEC) and other ransomware events where sensitive data requires analysis and reporting, Arete provides clients with actionable reports of personally identifying data across Office 365, Amazon, Google, SQL and local storages during a Ransomware or BEC Investigation.

Our powerful analytics helps identify and report on sensitive data. Dedicated Analysts trained on powerful AI and Machine Learning tools quickly comb through systems to identify and extract relevant PII and PHI, giving your legal counsel the confidence in making data informed decision for regulation and breach notification.

Meet The Experts

Will-Hartz-150x150 (1)

Will Hartz

Director, Data Breach Advisory


Faith Magcalas

Forensic Analyst


Data Processing:
  • Intake/check-in data for processing.
  • Execute data processing with global de-duplication to extract text and metadata.
  • Index and prepare full data population for advanced searching.
Programmatic Review/Searching:
  • Execute PII/PHI search terms across the full data population and produce search term report as part of programmatic review.
  • Identify number of non-searchable files for manual review.
  • Align on final document count for manual review post-searching.
Manual Review:
  • Perform first pass review of all records identified for manual review to make initial determination on whether PII/PHI is present.
  • After subset of records are identified containing PII/PHI, second pass review commences to manually extract data elements, such as names, addresses, SSNs, DOBs, financial information, PHI.
  • For certain file types, such as Excel or CSV, programmatic extraction methodologies are applied to extract out information automatically rather than manually.
  • Generate notification list based on extractions during second pass review, including a report listing individual names and data elements requiring potential notification.
  • Perform de-duplication of entries where individual is clearly the same person based on data elements, such as SSN and DOB.