Client case studies | Strengthening security after a breach of a retailer's customer data

A large global retailer establishes a sustainable security program after a serious customer data breach.

A global grocery retailer with more than 1,000 US stores suffered a public data breach that compromised millions of customer credit- and debit-card numbers. Overall, the retailer faced numerous shortcomings in its overall security practices. As a result of the breach, the retailer faced possible action by the FTC in the form of a consent decree mandating that violations be mitigated. The retailer needed help remediating the security breach, and developing and implementing a sustainable security program. They also required assistance in selecting and deploying supporting technologies that would help with security and data privacy.

The retailer engaged PwC to design and implement a comprehensive program for data security and privacy. A core component of this initiative entailed the design and deployment of a data loss prevention (DLP) solution. Drawing upon knowledge of the retailer’s unique business needs from previous initiatives, PwC helped select the Symantec Data Loss Prevention solution. Our team crafted a strategy to integrate Symantec DLP into the retailer’s existing Governance, Risk, and Compliance (GRC) tool to better manage its risk and compliance issues.

PwC’s solution helped remediate a serious data breach, and we assisted the retailer in developing a comprehensive, sustainable data security program. We delivered an end-to-end strategy to identify and protect sensitive data for today and the future. The retailer now has the technology, people, and processes to better understand where sensitive data resides, how it is used, and who has access. The retailer can detect and stop external dissemination of sensitive data and they can better understand the scope of regulatory and industry pressures such as PCI. The retailer also has secured the personally identifiable information (PII) of employees and customers, and implemented ad-hoc and scheduled data-validation processes.


Click here to download and save the case study.