#109 - Case History - We Were Hacked


January 10th, 2023

18 mins 35 secs

Your Hosts

About this Episode

GBA Case History Series – Case History #109 - We Were Hacked


Member Firm with multiple offices became the victim of foreign hacking enterprise. It started when an employee of the firm innocently opened an email from an unsuspected contact and clicked on a link allowing the hackers to access the Member Firm’s management systems. Unbeknownst to anyone, the infiltrators spent months learning about the Member Firm’s operations, information storage and data. After obtaining and securing the information that they were after, the hackers locked out the Member Firm keeping them from accessing their IT systems, including emails and project files. They promptly demanded seven-figure sum of money for the key to their lock.

Our Host

Jennifer Sanborn, PE – Vice President/Sanborn, Head & Associates, Inc. (Link to Profile)

Jenn’s work in environmental site characterization and remediation has taken her to the leading edge of our practice in vapor intrusion and emerging contaminants. Jenn works on a number of projects under the USEPA Brownfields program, conducting environmental assessments and preparing regulatory submittals. She has extensive field experience and familiarity with environmental regulations across several states. At Sanborn Head, Jenn helps with Sanborn Head’s business practices, reviewing contracts and educating staff about risk management practices. As a supervisor, Jenn also enjoys the opportunity to mentor staff and guide their career development. She is also a member of Sanborn Head’s Board of Directors.

Our Guest

Doug Barbosa – Director of Information Technology /Sanborn, Head & Associates, Inc. (Link to Profile)

Doug is responsible for building and maintaining Sanborn Head’s technology infrastructure. In this capacity he manages their IT team and oversees the planning and development of the information systems and data processes so that everyone at Sanborn Head has the tools and solutions needed to service their clients. Doug is an expert in the area of cybersecurity and takes great pride in his efforts to protect Sanborn Head’s and their clients’ data and ensure a smooth operational environment.

Lessons Learned

  • Purchase Cyber/Ransomware insurance
  • Replace old computers,update/upgrade security software and apps
  • Train staff on cyber security and anti-phishing protocols; test regularly
  • Bring in an outside cyber expert to evaluate your systems and get recommendations to address weak points
  • Leadership, employee and client resilience



This episode was produced by the following GBA Members: