Case Study: Major Financial Institution stops sensitive data exfiltration and remediates IDOR vulnerability with Palo Alto Networks Unit 42 Incident Response

A Palo Alto Networks Case Study

Preview of the Major Financial Institution Case Study

Major financial institution engages Unit 42 to investigate presumed insider threat

A major U.S. financial institution discovered sensitive business-loan application data — including PII and Social Security numbers — was leaking and received an anonymous threat to go public. Suspecting an insider, the company engaged Unit 42 to quietly investigate and stop the leak without disrupting operations.

Unit 42 deployed endpoint detection (Cortex XDR), threat intelligence and offensive security techniques, and after finding no insider activity pivoted to a frontend code review. The team uncovered an insecure direct object reference (IDOR) introduced by a code change, correlated web and SaaS logs, evicted the threat actor, validated the fix, and recommended ongoing code reviews and web app penetration testing to prevent recurrence.
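The vulnerability class named above, an insecure direct object reference, is a missing object-level authorization check: the server fetches whatever record id the client supplies without confirming the authenticated user owns it. The following is an added example, not code from the case study or from Palo Alto Networks, using hypothetical loan-application records and constructed access-log lines. It shows the vulnerable lookup beside the hardened one, and a small correlation over web-log lines of the kind used to confirm whether records were actually read across user boundaries (the response-code check and the shared not-found error are assumptions about how such an endpoint is written).

```python
"""IDOR on a loan-application endpoint: vulnerable lookup, fixed lookup, and a
web-log correlation to find cross-user reads. Constructed example; all names,
records and log lines are hypothetical."""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class LoanApplication:
    app_id: int
    owner_id: int      # user who submitted the application
    ssn_last4: str     # stands in for the sensitive fields in the record


# Constructed sample data store (hypothetical records)
APPLICATIONS = {
    101: LoanApplication(101, owner_id=1, ssn_last4="1234"),
    102: LoanApplication(102, owner_id=2, ssn_last4="5678"),
    103: LoanApplication(103, owner_id=2, ssn_last4="9012"),
}


class NotFound(Exception):
    """Raised for both missing and not-owned records so the response does not
    reveal which of the two it was (avoids turning the fix into an id oracle)."""


def get_application_vulnerable(session_user_id: int, app_id: int) -> LoanApplication:
    """IDOR: the record is looked up by the client-supplied id alone; the
    authenticated user's identity is never compared with the record's owner."""
    app = APPLICATIONS.get(app_id)
    if app is None:
        raise NotFound(app_id)
    return app


def can_read(session_user_id: int, app_id: int) -> bool:
    """Object-level authorization decision: only the record's owner may read it."""
    app = APPLICATIONS.get(app_id)
    return app is not None and app.owner_id == session_user_id


def get_application_fixed(session_user_id: int, app_id: int) -> LoanApplication:
    """Hardened lookup: scoped to the caller's own records."""
    if not can_read(session_user_id, app_id):
        raise NotFound(app_id)
    return APPLICATIONS[app_id]


# Assumed (constructed) access-log format: "<ts> user=<id> GET /applications/<id> <status>"
LOG_RE = re.compile(r"user=(?P<user>\d+) GET /applications/(?P<app>\d+) (?P<status>\d{3})")


def find_cross_user_reads(log_lines):
    """Correlate web-log entries with record ownership: return (user, app_id)
    pairs where a 200 was served for a record the requesting user does not own.
    This is the check that tells you whether an IDOR was merely present or
    actually used to read other customers' data."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m.group("status") != "200":
            continue
        user, app_id = int(m.group("user")), int(m.group("app"))
        app = APPLICATIONS.get(app_id)
        if app is not None and app.owner_id != user:
            hits.append((user, app_id))
    return hits


# Constructed sample access-log lines (hypothetical)
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z user=1 GET /applications/101 200",
    "2024-01-01T10:00:02Z user=1 GET /applications/102 200",
    "2024-01-01T10:00:03Z user=1 GET /applications/103 200",
    "2024-01-01T10:00:05Z user=1 GET /applications/999 404",
    "2024-01-01T10:01:00Z user=2 GET /applications/102 200",
]

if __name__ == "__main__":
    print("vulnerable endpoint returns another user's record:",
          get_application_vulnerable(1, 102))
    try:
        get_application_fixed(1, 102)
    except NotFound:
        print("fixed endpoint: not found")
    print("cross-user reads in log:", find_cross_user_reads(SAMPLE_LOG))
```

The fix is the `can_read` check, not input validation: the id is a perfectly valid id, it just belongs to someone else. The log correlation is what an incident response team needs alongside the code fix, because it turns "the endpoint was vulnerable" into a list of which records were exposed to whom.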

