Multinational Energy Company Discovers Sensitive Data in All the Wrong Places

Lighthouse Data Loss Prevention (DLP) experts uncovered hundreds of thousands of sensitive records stored in unsecured locations across the enterprise.

Company Overview

A leading energy provider faced data security and compliance obligations. They needed assistance protecting sensitive financial, operational, and customer data.

Challenge

The client faced several key data security challenges:

  • Limited Visibility of Sensitive Data: The company lacked a clear understanding of where sensitive information was stored across SharePoint Online and OneDrive, increasing the risk of unauthorized exposure.
  • Compliance Considerations: They needed to properly manage sensitive data while working toward future compliance with GDPR, PCI-DSS, and industry regulations.
  • Growing Volume of Sensitive Information: 2 TB of sensitive data was spread across Teams, SharePoint Online, and OneDrive. Records showed steady growth, reaching 3.5M sensitive items, with an annual increase of 100K records since 2014. The largest spike occurred in 2022, with 250K additional records.

Lighthouse Environment Scan identified unsecured ABA routing numbers, EU passport numbers, SWIFT codes, UK national health identifiers, and more.

Solution

The Director of Information Security partnered with Lighthouse to conduct a comprehensive scan using Lighthouse’s proprietary environment scan technology and Microsoft Information Protection (MIP). This scan could locate sensitive data across the enterprise and provide the necessary visibility to roll out full MIP policies.

1. Lighthouse’s Comprehensive Environment Scan

Lighthouse’s scan identified and located sensitive data, helping the security team understand its exposure and design its protection strategy. Example findings included:

  • Teams: /LegacyRightAngleData contained 139,000+ instances of sensitive data.
  • SharePoint: /Financial_DMS stored 52,000+ instances of sensitive data.
  • OneDrive: /[single employee] held 18,900+ instances of sensitive data.

Most Common Sensitive Data Types

  • ABA Routing Numbers
  • EU Passport Numbers
  • SWIFT Codes
  • UK National Health Identifiers

2. Created Sensitivity Labels in Pilot Mode

Following the scan, Lighthouse supported the security team in developing sensitivity labels in a pilot phase, including:

  • Testing Auto-Labeling & Classification: Defining initial label rules based on scan results.
  • Evaluating Impact Before Full Rollout: Assessing how sensitivity labels functioned across departments and workflows.
  • Preparing for Future Policy Implementation: Establishing a structured data protection strategy before MIP policies were fully deployed.

Key Outcomes

The Lighthouse environment scan gave the organization critical visibility into sensitive data locations, laying the groundwork for stronger data governance, protection, and compliance.

  • Critical Visibility for Future Protection: Identified where sensitive data resided to guide security and governance efforts.
  • Pilot Sensitivity Labeling Program: Launched sensitivity labels to test the efficacy of policies and refine data governance practices.
  • Foundation for MIP Rollout: Positioned the team to automate protection and enforce compliance through Microsoft Purview.

The Lighthouse environment scan helped the client uncover hidden risks and build a foundation for stronger data governance. With clear visibility and a pilot labeling program, the organization is prepared to advance its Microsoft Purview rollout and reduce exposure.