Search Close Talk to Sales
Relativity
Search
Popular Links
RelativityOne
Relativity aiR
Move from on-prem to RelativityOne
Artificial Intelligence
e-Discovery
Legal Hold
Collection
Early Case Assessment
Data Breach Response
Relativity Contracts
RelativityOne Government
Proactive Security
Close

Cognicion Helps Financial Services Firm Respond to Evolving Salesforce Data Breach with Speed and Precision Using Relativity aiR for Data Breach Response

Customer Since
2015

Headquarters Location
Richmond, Virginia

Share Their Story

How did they do it?

  • Delivered a defensible, consolidated notification data set within 23 days of the threat actor's data release
  • Analyzed more than 1,300 Salesforce fields and multiple data sets in parallel
  • Improved accuracy in identifying impacted individuals while significantly reducing manual effort

When Fragmented Data Meets a Regulatory Deadline

When a financial services firm faced a data breach with urgent financial regulatory notification requirements, the response needed to move quickly without sacrificing accuracy. The matter involved both structured Salesforce data in report format and unstructured data from OneDrive and Box, creating a complex analysis challenge across multiple sources.

The immediate priority was to determine which individuals were impacted and what personal information was exposed. To help the client respond with confidence, Cognicion brought together its breach response expertise and Relativity aiR for Data Breach Response to build a defensible, scalable path to notification readiness.

Finding Impacted Individuals Across an Expanding Data Set

The challenge extended far beyond data volume. Cognicion needed to reconstruct individual-level records from fragmented Salesforce reports, requiring horizontal consolidation across hundreds of fields – a workflow not typically performed inside a review platform. At the same time, the client was operating under strict regulatory deadlines, leaving little room for manual rework or uncertainty.

Midway through the engagement, the threat actor released a larger and more complex data set, forcing the team to expand the analysis and incorporate unstructured review. Duplicate records, inconsistent identifiers, and free-text fields increased the risk of incomplete or inaccurate identification of affected individuals, while managing structured and unstructured workstreams in parallel created added operational strain.

Step 1: Reconstructing Records Across Fragmented Salesforce Data

Cognicion used Relativity aiR for Data Breach Response alongside its platform analytics to address both data environments within a single platform. For the Salesforce data, table mapping enabled the team to consolidate hundreds of columns into a unified schema, helping accurately reassociate personal information that had been distributed across fragmented reports.

This approach gave Cognicion a more efficient way to analyze complex structured data at the individual level, replacing what otherwise would have been an extremely manual reconstruction effort under significant time pressure.

Step 2: Extending AI-Powered Analysis into Unstructured Data

For the unstructured OneDrive and Box data, Cognicion combined metadata-driven clustering with AI-powered PI detection to identify and group impacted data subjects more efficiently. The team also found a way to unlock AI analysis on narrative content embedded in structured data: free-text fields such as Contact Notes were deduplicated to isolate unique entries, then ingested as unstructured data into aiR for Data Breach Reponse so AI detectors could analyze content that otherwise would have required extensive manual review.

As new fields and expanded data sets were introduced following the second data release, Cognicion continuously adapted its workflows, maintained quality control, and supplemented aiR for Data Breach Response outputs throughout the matter. Running both workstreams in parallel inside Relativity aiR proved essential to staying on pace with the client's regulatory timeline.

One Platform, One Connected Workflow

Relativity helped Cognicion bring structured and unstructured analysis together in one connected workflow rather than manage separate processes across disconnected tools. Table mapping, AI detectors, clustering, and analytics worked in combination to support a more cohesive approach to data subject identification, consolidation, and downstream reporting.

By combining outputs from both workstreams inside Relativity, Cognicion reduced inefficiencies, improved consistency, and created a more scalable model for handling breach matters that span multiple data types and changing scope.

The Impact: Defensible Notification Readiness in 23 Days

Relativity aiR for Data Breach Response helped Cognicion deliver a defensible, consolidated notification data set within 23 days of the threat actor's data release, meeting all regulatory deadlines. The team successfully analyzed more than 1,300 Salesforce fields and multiple data sets in parallel, significantly reducing manual effort while improving the accuracy of impacted-individual identification through consolidation, normalization, and AI-driven analysis.

Following this matter, Cognicion plans to expand its use of Relativity aiR for Data Breach Response in future breach engagements, particularly in matters involving complex structured data, while continuing to deepen its use of AI-driven workflows to accelerate data subject identification and strengthen notification readiness.

Ready to see what Relativity aiR can do for you?

Get a Personalized Demo