Case studies - Dataminr Flashcards by Lyudmila Kan

Shooting at YouTube Headquarters

CASE 1: Shooting at YouTube Headquarters

On April 3, 2018, an active shooter opened fire on three people at YouTube’s California headquarters before taking her own life. Dataminr quickly detected eyewitness reports of the incident posted to social media and notified corporate security clients, providing early awareness of the event and details from those on the ground. Dataminr’s first alert preceded major news reports by 11 minutes.

25/03/24

CASE 2: Dataminr delivered the earliest alert on COVID-19

In late 2019, an outbreak of respiratory disease caused by a novel (new) coronavirus—now known as COVID-19—simmered for weeks in Wuhan, China before claiming its first victim on January 10, 2020. Dataminr first detected the outbreak of COVID-19 within public social media posts at 9:11 a.m. EST on Dec 30, 2019, providing clients with the earliest warning in advance of the U.S. government’s announcement 7 days later.

How well did you know this?

Not at all

Perfectly

CASE 3: Major Hollywood Studio

Hollywood film studios face a dynamic and ever-changing security risk profile. Security teams are tasked with protecting the studio’s permanent offices and film lots, temporary filming locations, traveling executives and employees—plus the hundreds of temporary workers and A-list celebrities working on active film shoots.

Consider the April 2017 terrorist attack in Paris, where a gunman opened fire on a police officer and fled on foot.

Just 1,000 yards away, the security team on the set of a major motion picture had to make a decision—should they shut down the set and evacuate the crew and actors?

In those early seconds, information on the ground was frustratingly scarce. Was that sound gunfire or fireworks? If it was gunfire, is the threat still active? Where did the event happen?

But the security team working in Paris that night wasn’t alone. Analysts at the film studio’s global security operations center (GSOC), some 9,000 miles away in California, picked up the phone to give the Paris team the information they needed at that moment: There’s been a suspected terrorist attack at the Champs-Élysées. You need to evacuate to a safe location; we’ll update you with new information as it comes in.

This exchange, which happened within seconds of the initial gunshots, was made possible by Dataminr, which uses artificial intelligence to alert companies to unexpected risks happening in real time.

How well did you know this?

Not at all

Perfectly

“Dataminr has been amazing in getting those alerts 20 minutes before another platform would send something in, or 20 minutes before you’d hear about it on the local news,” said the studio’s Vice President of Global Threat and Emergency Management. “Dataminr has been our eyes and ears around the globe, alerting us to events that could potentially impact our assets.”

The studio’s GSOC serves as the real-time information hub for not only the studio itself, but also its parent company, a multinational mass media conglomerate. Every day, the studio’s GSOC team watches over hundreds of assets in the center’s physical security information management (PSIM) system: The company’s permanent offices and film lots, temporary filming locations, traveling executives and employees.

Dataminr forms an important cornerstone of the studio’s GSOC, delivering a feed of crisp, actionable alerts about emerging risks across the globe. Analysts inside the GSOC make decisions based on the information flowing into the center—should we notify people working nearby? Should we notify our leadership team? Should we escalate to the crisis response team?

In rare cases of immediate threats to health and safety, the studio’s GSOC will recommend shutting down a film shoot, evacuating an office, or telling people to shelter in place.

Travel Safety
For example, a Dataminr alert comes in about an emerging risk developing in Rome. The studio’s GSOC team looks at the PSIM and sees there are 37 employees located near the epicenter of the risk. Within seconds, they can send a message to the group: “We’re aware of the situation developing on the ground, and will update you once we have additional guidance.”

“This shows travelers that when they’re out for business and working for the company that there’s someone watching out for them. They’re not traveling alone,” said the studio’s Vice President of Global Threat and Emergency Management. “We’ve had amazingly positive feedback from that side. It gives people so much peace of mind to think, ‘Hey, if something happens, I’ll get taken care of. The business actually cares about me.’”

How well did you know this?

Not at all

Perfectly

Delivering that feeling of safety is crucial for the studio, which works with a large number of contractors and temporary workers. Film shoots can employ hundreds of people, and world-famous actors, for a few brief weeks, who may go on to shoot their next project with a competing film studio. A well-run security operation remains a competitive differentiator for this studio.

Separately, the studio’s executives want to know if photos or videos are being leaked from their active film sets—another area where Dataminr’s real-time alerts can help.

Event Safety
The studio’s executives are highly visible in the entertainment industry, and attend, sponsor and speak at live events throughout the year. The studio’s GSOC team sets up Dataminr information feeds around specific events weeks ahead of time, to understand public sentiment toward the event, and look for specific, credible threats to executive safety.

During a live event, Dataminr sends the studio’s GSOC team real-time alerts to emerging risks, so they can augment the work of the executive protection team on the ground.

Moving Beyond Keywords
Before adopting Dataminr, the studio’s security analysts relied on standard social media monitoring software, local news feeds, keyword search lists and travel alerting. The results weren’t consistent: Sometimes the alerts were late, or nonexistent. Other times, the volume of alerts was so high, analysts couldn’t keep up, and ignored them.

For example, simple, keyword-based alerting systems proved inadequate at detecting nuances in syntax, raising urgent alarms when one of the studio’s film directors tweeted a sentence like, “We killed it on the shoot today.”

“Our big focus is to make any alert coming in as actionable as possible,” said the studio’s Vice President of Global Threat and Emergency Management. “If it’s not something that could impact an asset, a traveler or a person, we want to filter it out, so we don’t even see it. So the GSOC ideally gets as few alerts as possible.”

The studio found that source of fast, relevant and actionable alerts with Dataminr. Instead of using keywords, Dataminr’s artificial intelligence is able to understand that “killing it on the shoot” isn’t an actual risk. The platform processes billions of units of data from more than 200,000 public data sources, in more than 150 languages, 24 hours per day. That public information gets distilled into alerts that the studio’s GSOC team uses to make decisions.

How well did you know this?

Not at all

Perfectly

CASE 4: Ellie Mae

Learn how the Silicon Valley-based mortgage software company Ellie Mae used Dataminr to protect their employees in the Midwest, following a devastating cyclone in 2019. Named a “bomb cyclone”, it had swept across the Midwest, bringing freezing rain, whiteout conditions and winds of up to 89 mph.

At 5:15 a.m., the 92-year-old dam broke, sending an 11-foot-tall wave of water downstream, flooding multiple towns and neighborhoods around Omaha. The operators tried to open the dam’s emergency spillways, but found some had been frozen shut. As water levels surged and it became clear failure was imminent, the operators abandoned the dam’s powerhouse at 4:30 a.m. and drove into the neighborhood below to pound on doors, begging people to evacuate. Nebraska’s governor later called the bomb cyclone the most damaging natural disaster in the state’s history.

Halfway across the country, the Workplace Safety team at the California-based software company Ellie Mae leapt into action, in support of their colleagues who lived and worked in the Midwest. The team worked quickly to account for the safety of Ellie Mae’s employees and families, gather information about the extent of the damage, and make business recommendations to the company’s People team.

“Pretty much every way into and out of the Omaha area was flooded,” said Josh Barrier, Manager of Workplace Safety at Ellie Mae. “We were able to provide photos from Dataminr showing exactly how bad the flooding was in the area.”

The team gathered live, up-to-the-second information using Dataminr, which delivers real-time alerts on emerging risks worldwide. Ellie Mae’s executives used that information to temporarily close the company’s satellite office in Omaha, and reach out to employees to check in and offer support.

How well did you know this?

Not at all

Perfectly

Dataminr in the Safety Operations Center
Barrier joined Ellie Mae’s Workplace Safety team in early 2018, and was tasked with building the company’s first Safety Operations Center. He had used Dataminr in a previous management role, and recommended that Dataminr form the cornerstone of the company’s new operations center. Real-time information flows into the center 24 hours a day, and analysts use that information to make decisions to keep Ellie Mae’s employees and assets safe.

Dataminr’s real-time alerts span the globe which was particularly useful in the summer of 2020, as Ellie Mae’s security analysts followed ongoing media coverage of the political upheaval in Belarus—home to one of the company’s three international offices.

Employees want to feel secure at work, and know that their employer is looking out for their safety, Barrier said. He says his team functions with a service-focused mindset, providing relevant information to the business and making recommendations to ensure employee security.

Relevant Alerts in Real-time
Before using Dataminr, Barrier said security analysts often found themselves deep in manual work, chasing down information from disparate sources by hand. They’d used commercial social media platforms like TweetDeck, or rudimentary, keyword-based systems that would throw up urgent alarms when people tweeted sentences like “This sushi is the bomb,” he said.

“It was totally irrelevant, filling our notifications feed with junk,” Barrier said. “It would take time away from reaching out to someone who might actually need our assistance. But Dataminr really filters those types of alerts out. One thing I always hear from my team is that every single notification we get from Dataminr could be something that we need to look into.”

When a real-time alert comes into the SOC that requires action, Barrier uses Dataminr to get an early, on-the-ground look at what’s happening, which he reports up to the Senior Vice President of People. The Workplace Safety team continues to provide updates on the risk as it develops, to help executives make business decisions.

How well did you know this?

Not at all

Perfectly

CASE 5: Pilgrims Risk Management Group

Pilgrims Risk Management Group uses Dataminr to protect people and assets for clients in some of the world’s most challenging environments. Learn why the UK based firm calls Dataminr “a critical tool for the SOC to carry out their function effectively.”

The editors at a major television news network are making the call—they’re flying a small production team to Somalia to cover a major, breaking news story. One of the first phone calls they make is to London-based security consultancy Pilgrims Risk Management Group, a firm that protects people and assets for clients in some of the world’s most challenging environments.

Pilgrims quickly pulls together a small team of specialists to join the journalists and manage their security throughout the mission. On the back end, security analysts working for Pilgrims build an updated assessment of the risks the journalists will face on the ground. The analysts reach out to their contacts working in the area, and use an array of sophisticated software solutions to verify what they’re learning. It’s fast, important work, crucial for keeping the team safe.

Dataminr forms an important building block of the security practice and tech stack at Pilgrims, providing alerts about emerging risks in real time. Analysts at Pilgrims use Dataminr alerts to augment the other sources of information that flow into their security operations centers, to build a more complete picture of risk.

“The risk assessment has to be with the team before they deploy, and the notice time can be short, perhaps a matter of hours,” said Richard Lovell-Knight, group Director of Risk at Pilgrims. “And it doesn’t stop there; the assessment instantly becomes dynamic, and continues through the mission until all are safely home.”

Pilgrims manages their own group security operations centers (SOCs) in Nigeria, Iraq, Afghanistan and the UK, providing contract security services to multiple clients. For larger clients, Pilgrims helps their clients develop bespoke SOCs tailored specifically to that client’s needs. For example, Pilgrims helped a major professional services company develop their SOC in London, which now serves the company’s 20,000 UK-based employees and global travelers.

How well did you know this?

Not at all

Perfectly

The London-based SOC, which Pilgrims manages on behalf of its professional services client, runs 24 hours a day, with a team of eight analysts, a supervisor and a travel security manager. Together, this team looks for opportunities and threats through a process called “horizon scanning,” real-time notification of emerging risks using Dataminr, risk research and trends analysis.

Areas of risk include the obvious threats—asset protection, executive safety and travel safety—as well as incidents one would not immediately assume were related to security, such as climate-induced events that close down offices or prevent employees from getting to work.

Dataminr “fits perfectly in as a piece of the puzzle, as one of the component parts that ensures everything runs smoothly for the SOC,” said Valerie Kong, Pilgrims’ global manager of Risk and Information Services. Kong oversaw an internal benchmarking test that measured Dataminr’s real-time alerting capabilities against other software options. Dataminr was the clear frontrunner.

CASE 6: Baylor University

Every semester, hundreds of Baylor University students, faculty members and staff fly out of the relative safety of Waco, Texas, to far-flung corners of the globe to travel on behalf of the school— study abroad programs in Europe and Asia, mission trips to Latin America, and research conferences worldwide.

Keeping people safe while they travel on behalf of the school is the responsibility of the Baylor University Department of Public Safety. The person in charge of keeping these groups safe is Jared Bickenbach, Director of Global Safety and Security.

Bickenbach does this by assessing the risk environment of a region, country or specific city, and sharing that information with travelers before their trips. While groups are on the road, he relies on Dataminr to provide him with real-time alerts on breaking news, to keep travelers safe.

How well did you know this?

Not at all

Perfectly

Travel Planning

Baylor University students, faculty and staff who travel on behalf of the school are required to share their itineraries in the school’s travel management system, listing out the cities and countries they expect to visit on their trip.

Bickenbach reviews and approves every itinerary personally. Certain itineraries are approved quickly, such as travel within the U.S., Canada or Western Europe—places that the U.S. Department of State deems “Level 1: Exercise Normal Precautions,” Bickenbach says.

For locations that the State Department deems “Level 2” or “Level 3,” Bickenbach will take a closer look at the probable risks surrounding the trip, by reading updated travel advisory information, detailed risk reports from analysts at WorldAware, and the real-time news alerts coming from Dataminr.

He then uses that information to build a risk profile for the itinerary, which he shares with the group before they leave. In certain cases, he will determine the risks are too high, and will recommend canceling the itinerary.

In rare cases, the trip’s risk profile changes quickly, and Bickenbach recommends groups cut their trips short and return to the U.S. Such was the case at the start of 2020, when the COVID-19 pandemic was beginning to spread across Asia and Europe. Using real-time information from Dataminr coupled with advisory recommendations from analysts, Bickenbach asked a number of students, faculty and staff to immediately return to the U.S.

Baylor University made the call in advance of wide-sweeping travel restrictions and ahead of other universities, who found themselves scrambling to arrange repatriation flights for their students, faculty and staff.

“The number one benefit for us is quality of information,” Bickenbach said. “Getting information in a remote area of the world is pretty difficult … and if you’re a small security team, having the alerts push directly to you is such a time- saving measure.”

How well did you know this?

Not at all

Perfectly

Best Practices for Travel Safety

1. Adopt a centralized travel registration and budget management system: Organizing all current and future itineraries in one place allows an organization’s travel safety team to understand who is traveling where and coordinate a rapid response in case of emergency.

2. Use software to build an accurate picture of probable risks before the trip starts:
Bickenbach uses several tools to build a more complete picture of probable risks facing travelers. Dataminr gives Bickenbach a granular look at breaking news in real time, showing him a range of events as they happen.

3. Monitor emerging risks while travelers are on the road:
“If I see an alert like that, I know I’ll need to get information really fast,” Bickenbach says. “I can use [Dataminr] to quickly capture what’s happening… and can tell if any of those areas where we have students has been impacted.”

CASE 7: Sky News

Faint plumes of white smoke were rising above the Île de la Cité—at first, hard to pinpoint. As the smoke turned black and began to catch people’s attention, a classical music student standing on the bank of the Seine river was one of the first to realize what was happening. “Notre Dame on fire!” she tweeted, with a photo of smoke now billowing out of one of the cathedral’s spires. Firefighters had not yet arrived.

Within moments, journalists at Sky News in London interrupted their broadcast with breaking news—Notre- Dame Cathedral was on fire. It was a story that dominated news coverage for more than a week in Europe.

“We didn’t see it first on the AFP news wire, we saw it first on Dataminr,” said Digital News Editor Adam Parker. “And we didn’t just see it first [on Dataminr], we saw it with some incredible imagery.”

How well did you know this?

Not at all

Perfectly

Based in London, Parker works on a newsgathering team at Sky News, specializing in using social media to source and verify emerging news stories. He and other journalists on the news desk gather visual media, background information and context, which they put on an internal newsroom platform that their colleagues use to build TV stories, social media posts and online articles. Speed and accuracy are essential.

In the case of the Notre-Dame Cathedral fire, it took minutes for the major news wires to issue their first news alert, and even longer for them to begin publishing photos and video. “Minutes are really important to us. Really, really important,” Parker said.

How Reporters at Sky News Use Dataminr

Since September 2018, journalists at Sky News have been using Dataminr for News to help them discover stories and pre-viral information most relevant to their beats. Individual reporters decide how they want to consume Dataminr news alerts—by email, on desktop, in collaboration platforms like Slack, or embedded in other news gathering tools like TweetDeck.

“[We think of] Dataminr as sort of a safety net,” Parker said. “We know that if there’s a big story happening and we haven’t seen it, we will see it from Dataminr in some form. And if I don’t see it on my Dataminr [dashboard], we know somebody else in the newsroom on Dataminr will.”

How well did you know this?

Not at all

Perfectly

User-generated Media

Social media gives journalists a valuable window into conditions on the ground in areas of the world that are difficult for reporters to access and where English is not the primary language, such as Armenia and Azerbaijan, whose forces clashed in 2020 over the separatist territory Nagorno-Karabakh.

“We’ve seen pictures and videos that just wouldn’t be there—just wouldn’t exist—if it wasn’t for user-generated videos and user-generated pictures that allow us into those areas,” Parker said.

Dataminr for News not only helps reporters quickly find user-generated photos and videos, but also automatically translates captions and other media into English.

“It’s peace of mind knowing that we are covered worldwide for any story that may not have been picked up by people we follow on social media or on news wires,” Parker said.

CASE 8: Major Australian Utilities Provider

The company’s real estate footprint is similarly vast, with high-rise buildings in the country’s biggest cities, to small but crucial infrastructure sites strategically placed in remote corners of the continent. Every day, more than 5,000 employees work to keep this infrastructure network running, with technicians constantly on the move, and employees travelling across the country.

Keeping the company’s many buildings secure and people safe is the responsibility of the Security Emergency Response Centre (SERC) team, which serves as the company’s real-time security information hub. When a security-related incident happens, the SERC needs fast, accurate and relevant information about that incident, to protect people and property. Dataminr represents an important real-time information source for this company’s SERC.

How well did you know this?

Not at all

Perfectly

Inside the SERC

This utility company opened its SERC in 2012, with the goal of monitoring security risks at 10 sites. Since then, the SERC has grown into a 24/7 centre with 15 employees, providing 18 distinct services.

The SERC has adopted cutting-edge technology, and today serves as a model for similar security operations centres in Australia. For example, they’re an early adopter of Honeywell Command Control Suite, which gives security analysts a single view of what’s happening across the company’s entire real estate footprint.

It also adopted electronic key cabinets, which the company uses to secure physical access to its network infrastructure racks. While many companies have just one electronic key cabinet, this utilities company has installed 190 across the country.

The Value of Faster Information

Real-time information is a crucial catalyst for action inside the SERC. In an interview, a SERC Security Advisor described a January 2017 incident where a man deliberately drove a car into pedestrians on Melbourne’s Bourke Street retail thoroughfare, killing 6 people and injuring more than 20 others.

In those chaotic early minutes, SERC analysts worked quickly to build an accurate picture of what was happening: Where had the attack occurred? Was it accidental or deliberate? Was the threat still active? Were company employees injured or needed help? Should the company send out an internal communication to nearby employees? Should it lock down and secure its buildings in Melbourne?

In 2018, SERC analysts experienced similar information challenges as they responded to another attack, coincidentally, again on Bourke Street. In that case, a different security software platform alerted the SERC to the attack hours after it had happened—too late to be helpful.

How well did you know this?

Not at all

Perfectly

In September 2019, the SERC adopted Dataminr, which specializes in delivering fast, accurate and relevant information in real-time.

In one recent example, Dataminr alerted the SERC that a fire had broken out about 800 metres away from one of the company’s buildings in Adelaide. Using that information, SERC analysts called the building’s site manager, who had no idea there was a fire nearby. That early alert gave the team extra time to talk about evacuation plans if the fire threatened employee safety.

“When you look at Dataminr, my thinking is if it gives you even two minutes advance notice of an event, prior to anything coming through other media, that’s money well spent,” the SERC’s Senior Security Advisor said. “If we get an extra two minutes to make a decision, send comms out to staff or shut down a building, anything like that, it’s worth it.”

CASE 10: Major Automaker

Analysts working inside the security operations center (SOC) at one of the world’s largest automakers use real-time information from Dataminr Pulse to get an early view into emerging security risks that have the potential to impact the company’s business operations.

“My team has been utilizing the Dataminr platform for over a year now,” said the Lead Intelligence Analyst and Operations Manager at the automaker’s security operations center.

“Not only does it assist us with day-to-day operations, such as monitoring our facilities, executive travel and minimizing intellectual property leaks, but it also has provided timely emergency alerts and COVID-19 statistics during the ongoing pandemic.”

How well did you know this?

Not at all

Perfectly

Dataminr Pulse in Action

Dec. 1, 2020: Active shooter
Dataminr Pulse alerted the automaker’s SOC to a police chase that was within range of the automaker’s facilities and employees. After further research, analysts found the chase was related to an active shooter near the automaker’s facilities. The SOC issued an internal advisory to key stakeholders inside the company for visibility, and continued to update the group throughout the situation. Dataminr Pulse highlighted this potential risk more than an hour before it was covered by local news media.

The automaker uses real-time information from Dataminr Pulse to support four internal use cases:

Intellectual Property
SOC analysts use Dataminr Pulse to follow keywords related to upcoming releases, photoshoot locations, spy photography and cargo travel

Executive Protection
SOC analysts add executive travel itineraries to Dataminr Pulse, giving them visibility into emerging risks happening near accommodations, meeting locations and travel routes, as well as keywords related to the individual and their travel plans.

Facility Support
The SOC uses Dataminr Pulse to get an early look at emerging risks happening near the company’s offices, production facilities and other physical locations.

Security Department
SOC analysts use real-time information from Dataminr Pulse to build threat assessments and intelligence products related to emerging and ongoing risks, such as the COVID-19 pandemic.

How well did you know this?

Not at all

Perfectly

CASE 11: The National Football League

The National Football League (NFL) consists of 32 teams, over 3,700 employees, with stadiums and facilities in almost every major city in the United States. It also has offices in Canada, China, London, Mexico, and the United States.

Its global security operations center (GSOC) is responsible for protecting the NFL’s people and assets, including stadiums, training facilities, players, and coaches—both domestically and globally.

The NFL’s GSOC is split in two: intelligence and cyber. The intelligence team has a total of seven people, led by Robert Gummer, Global Security Operations Center Director. Gummer and his colleagues rely on Dataminr Pulse to identify potential risks in real- time, and as they unfold, often within minutes or even seconds of an event occurrence. This has allowed the GSOC team to make split-second decisions, and has made the alerts what Gummer calls “absolutely crucial to our workflow.”

“We don’t have a ton of folks. Dataminr gives us the ability to have eyes on all of our assets without having to look through millions of sources all the time,” says Gummer. “Dataminr actually makes us seem bigger than what we are.”

“As with many companies, 2020 was an unprecedented year for the NFL due to the COVID-19 pandemic. Gummer and his team had to pivot and alter their usual workflow by working from home, and outside of their traditional GSOC.

When a real-time alert comes into the GSOC that requires action, Gummer and his team use Dataminr Pulse to get an on-the-ground look at what’s happening, which he then reports to key stakeholders.

For example, on December 25, 2020, a bomb placed in a recreational vehicle (RV) detonated a mile from the NFL’s Nissan Stadium in downtown Nashville, Tennessee, injuring eight people and damaging numerous buildings in the surrounding area.

Gummer and the entire GSOC team were able to use Dataminr Pulse alerts to gain an early line of sight into the potential risks and inform key stakeholders on the events that were taking place close to Nissan Stadium.

The ease of accessing and using Dataminr Pulse outside of his GSOC office was vital in Gummer and his colleagues’ handling of the bombing. “It was a holiday so we didn’t have folks in the office. Even without staffing, we can provide true 24/7 awareness using Dataminr Pulse alerts, via the mobile app and emails.”

For example, Gummer and his team are currently planning for the NFL London Games, which take place October 2021. Before arriving in London, due to the COVID-19 pandemic and its ever-changing landscape, the NFL International Director relied on Dataminr Pulse to give him an on-the-ground view of what was happening.

If Dataminr Pulse alerts the GSOC team of a potential issue related to the London Games, they can immediately notify the International Director. Dataminr Pulse allows Gummer and his team to assess alerts in the surrounding area of the London Games, and look at trends or issues that could have a direct impact on their operations, allowing them to make necessary adjustments.

Dataminr’s real-time alerts on emerging risks worldwide allow the NFL’s GSOC to “see everything globally which extends beyond what our resources could achieve.”

CASE 12: The Daily Mail

Journalists in over 650 newsrooms around the world rely on Dataminr for News to discover the earliest possible indications of breaking news and gain an edge in covering the stories that matter most to their audiences.

Donna Ogier, the Daily Mail’s Global Director of Platform Partnerships, stresses how the social media revolution has changed how readers consume news. The earlier a news organization breaks a story, the more likely it is to be the one shared by users on various social media platforms.

“There’s a huge competitive emphasis on social media and the breaking tags assigned to stories. It’s really important that you’re in the first group of publishers to use that breaking tag,” said Ogier.

It’s essential for news organizations to be at the forefront of posting breaking news stories to social media—as there is a direct impact on both audience engagement and advertising revenue.

News organizations use audience engagement numbers to show monthly readership, which determines if advertisers want to work with them, and if so, for how much.

“We’ve found Dataminr has really sped up our ability to get in on those breaking stories early on,” said Ogier. “They deliver genuinely new-news. From celebrity pregnancy announcements and marriages to sudden deaths and litigation, it has it all in one place.”

Dataminr for News has alerted Daily Mail journalists on major stories—Kim Kardashian supporting Britney Spears’ freedom, Ariana Grande marrying Dalton Gomez, Amazon CEO Jeff Bezos announcing a trip to space and much more.

CASE 13: Major American Retail Company

We spoke with a corporate investigator at a major American retail company with close to 1,500 store locations in nearly all 50 states about how the company uses Dataminr Pulse to protect its assets and over 30,000 full-time and part-time employees.

The corporate investigator handles complex multi-market investigations, as well as threat investigations and loss prevention. The focus is primarily on physical security, but more and more the role is spilling into cyber security—an expected shift given the increasingly blurred lines between the physical and digital domains.

“Everything I do now in terms of investigations has some sort of digital touchpoint. Some of those intersect with traditional info security systems, some of them are involved with the vast array of social media and third-party selling sites,” said the investigator.

2 key types of alerts

The corporate investigator puts the real-time Pulse alerts into two main buckets: brand protection and critical events.

Brand protection includes brand mentions, threats against the company, customer service issues and complaints about in-store conditions that don’t filter through the retailer’s social media or other PR teams.

Critical events pertain to happenings in and around store locations. The retail company uses Pulse alerts as a starting point and then works to verify potential threats before informing business leaders.

Responding to threats in real time, wherever you are
On August 3, 2019, as the corporate investigator was turning her car into a shopping center, she received a cell phone alert via the Dataminr Pulse mobile app. The alert stated that there was an active shooter at a store in El Paso, Texas, close to one of the company locations.

The corporate investigator pulled into the parking lot, informed the company vice president of the ongoing situation, then contacted the area security protection leader in charge of security and safety for that particular store. “Dataminr notified us a full 10 minutes ahead of law enforcement. That allowed us to start a dialogue on the active shooter situation before the police came in and ordered us to lock down.”

Loss prevention
As a large retailer, loss prevention is one of the corporate investigator’s main priorities. She relies on Dataminr Pulse to help spot and mitigate losses by using its real-time alerts to detect the reselling of stolen goods or the sale of counterfeit products.

In April 2021, the retailer received a Dataminr Pulse alert about its gift cards. They were being sold on a third-party site. When the investigator saw the amount of the gift cards, it quickly became clear that they were fraudulent. That triggered an investigation, where the corporate investigator discovered that more than $200,000 in fraudulent gift cards—from the large retailer and others—had been sold over the course of 12 months.

“That one Dataminr alert eliminated an entire network of potential fraud and gave us insight into the ultimate fencing location,” the investigator said.

CASE 14: UN Response and Humanitarian Aid Delivery

In 2019, the UN partnered with Dataminr—through Secretary-General’s innovation lab, UN Global Pulse—to accelerate its humanitarian and crisis response efforts. Nearly two years later, thousands of UN personnel are using Dataminr’s First Alert product to keep abreast of emerging crises and what the UN calls critical incidents in real time.

This commitment includes supporting the UN’s Sustainable Development Goals (SDG). For example, with First Alert, and in support of SDG 6 on clean water and sanitation, UN staffers would know—in real time—if a region suddenly lost access to its water supply. Those staffers could then use that information to redirect water delivery trucks to the regions in need.

In the hands of UN personnel, First Alert often enables faster response in critical time-sensitive situations. For example, in Central Africa, an on-the-ground UN employee was alerted to the disappearance of a few hundred children. First Alert was first to deliver an alert on the incident, ahead of other sources. The UN employee informed his colleagues, who were then able to quickly mobilize the resources needed to immediately respond.

“Dataminr shares a common vision with our UN partners—a future in which innovations in AI continue to serve a greater public good and help to revolutionize the speed of first response and the delivery of humanitarian aid on a global scale,” said Ted Bailey, Dataminr Founder and CEO.

CASE 15: Major Security Firm

We spoke with a leading intelligence manager at a major security firm about how it uses Dataminr Pulse to keep high-profile clients safe while operating and traveling in areas deemed volatile or high risk. The firm has been a Dataminr customer for almost four and half years and has nearly 80 analysts who use Pulse on a daily basis.

For example, on the morning of February 1, 2021, Myanmar’s military declared a state of emergency and took over the country’s government. Dataminr was the first platform to alert the security firm of the situation, and in turn, they were able to inform its clients in Myanmar of the events, immediately giving on-ground visibility as the chaotic situation unfolded.

“When you’re covering Africa, the Middle East, South America, and Southeast Asia, it gets tricky. With Dataminr, we started to find that, in a lot of countries we have been able to significantly improve our coverage. Myanmar isn’t a country that necessarily uses all social media platforms. So Dataminr’s wide-ranging coverage of social media channels and the alerts on the public content that they produce were very helpful for us. The alerts allowed us to understand the volatile and rapidly evolving situation more quickly and better determine when things could escalate, all in a way we have been looking to improve in places like Myanmar”, said Intelligence Manager at a major Security Firm.

CASE 16: Global Bank

A global bank—which has tens of thousands of employees in offices across five continents—turned to Dataminr when it realized it needed to expand the capabilities of its global security operations center (SOC).

The need for automated risk discovery
Prior to Dataminr Pulse, the bank’s SOC operators had to rely on manual searches to identify potential risks. It was very labor-intensive and highlighted the need for a more automated process.

In 2021, the bank experienced a loss of nearly $13 million in physical assets due to a series of high-risk events that occurred near its headquarters. It noted that, had it been a Dataminr customer at that time, its SOC could have prevented a large portion of that loss.

Today, the team uses Dataminr Pulse’s real-time alerts to automate its detection of potential threats and disruptions as they emerge, often within seconds or minutes of an occurrence. The result is a wider, more comprehensive view of risks at the global, regional and local level.

And, as the alerts are tailored to the needs of the bank, the SOC only receives the information most relevant to the organization. Being able to integrate Pulse into its workflows has given the SOC “massive peace of mind.”

Life-saving real-time information
In late 2021, multiple explosions rocked Kampala, Uganda. Dataminr Pulse alerted the bank to the explosions—30 minutes before major news coverage—some of which were close to where bank employees worked. Because the security team received the alerts in real time, it was able to quickly and safely evacuate nearby employees from the affected areas, and more easily account for all staff members.

Pulse also alerted on the progression of events that followed the two bombings, allowing both the SOC and field security managers to maintain real-time visibility of what was happening on the ground and where. They were then able to ensure employees remained safe and swiftly mitigate any risks to customers and locations.

Geovisualization for faster decision making

Since using Dataminr Pulse’s geovisualization capabilities, the bank has been able to significantly cut down its response time, locate assets and conduct proximity measurements faster and make decisions much more quickly.

One of the areas where geovisualization has made a critical difference is in helping the bank stay ahead of extreme weather. As the bank operates in areas with frequent and severe weather disruptions, its SOC needs to be able to follow the trajectory of storms and know where its people and assets are in relation to weather risks.

With Dataminr Pulse, the bank is now better able to identify and prepare for threats and emerging risks; maintain visibility of events as they occur and unfold; and protect employees and assets no matter where they are—all in real time.

CASE 17: Deutsche Welle

Discover how Deutsche Welle—a German public broadcaster with 200 social media channels and 4 TV channels (English, German, Arabic, Spanish)—stays competitive in the complex media industry.

German public broadcaster Deutsche Welle (DW) has been a Dataminr customer for over two years. Journalists and social media strategists use Dataminr’s real-time alerting solution, Dataminr for News, to break news faster and stay up to date on events as they evolve over minutes, hours and days

DW chose Dataminr because, like many other newsrooms, it was faced with increased competition for share of voice and social media real estate. And with an ever-growing number of news stories occurring around the world, it needed a better way to detect breaking news in as close to real time as possible.

Move quickly from trial user to customer
DW kicked off its Dataminr relationship with a trial run. The value of Dataminr for News became clear immediately. Trial users experienced what it was like to access information beyond their existing, limited content discovery platform and manually scanning social media.

They began receiving Dataminr’s real-time alerts, which were pulled from hundreds of thousands of public information sources including social media platforms, blogs, IoT sensor data, audio transmissions, the deep and dark web and more. The alerts were delivered in real time, often within seconds or minutes of an occurrence.

“Our trial was a big success and everybody who was a trial user said, ‘I want more of this.’ We were breaking stories first or faster than our competition and consequently there was more traffic from search engines, which was something we liked,” said Sebastian Katthöver, DW Head of Audience Development.

Customize alerts for better news coverage

Alerts can be customized by geographic area—global, regional or hyperlocal—news beat, priority level and topics. Topics are wide-ranging, including geopolitical events, elections, sports, weather, cyber hacks and threats and more.

“We utilize tailored lists to target the story and region our journalists and editorial teams are focusing on. It’s very easy to set up and everyone can have an individual setup based on their interests,” said Katthöver.

In addition, thanks to Dataminr for News’ alerts, generated from its vast and diverse pool of public information sources, DW editors no longer need to manually scan social media platforms for news stories.

Increase digital growth and ensure legitimacy of news

“For some stories, Dataminr has given us a 45-minute head start,” said Katthöver. This is a huge advantage for DW, making it more competitive and allowing it to increase advertising revenue and audience engagement. Just as important is the ability to ensure the validity of stories before they’re published.

DW journalists and editorial teams must confirm a minimum of two sources for each news story and any anonymous tips must be corroborated. Dataminr for News gives them the advance notice needed to write and validate each piece of news.

“When we have the second source, we hit publish. The 45 minutes Dataminr for News gives us is the advance we need to produce a story that lives up to the quality standards that we have for our content,” said Katthöver.

**CASE 18: Deutsche Börse** Since 2018, Deutsche Börse has relied on Dataminr Pulse and recognized it to be a critical capability for its physical security operation in order to help protect its 10,000+ employees and assets worldwide from many challenges, such as geopolitical instability, cyberattacks and corporate travel protection. Dataminr Pulse is used primarily by the Deutsche Börse’s threat intelligence team and David Krueger, Head of Physical Security. **No. 1. Improve security operation’s capacity** For Krueger’s team of 15 people, maintaining real-time situational awareness of approximately 60 locations worldwide is a challenging task. Prior to using Dataminr Pulse, Krueger described his team’s operations as time- and resource-intensive, including manually scanning news outlets and social media to discover potential threats. This resulted in delayed response time. “Before Dataminr, we had to pull information, contextualize it, then put it into actionable intelligence. In doing so, we had an incident response delay of 30 to 60 minutes, ” said Krueger. “With Dataminr, we have now significantly reduced our response time.”

**No. 2. Stay ahead of high-impact global events** In the past three years, the world witnessed high-risk events such as the Hong Kong political crisis, the COVID-19 pandemic and the Ukraine-Russia conflict. Informed by Dataminr Pulse’s real-time data, Deutsche Börse’s security team was able to maintain close oversight of its employees in the impacted regions and provide them with critical guidance. “During the political crisis in Hong Kong, because we provided real-time information to our staff, they were able to avoid the impacted areas both during and outside of work,” said Krueger. “The alerts definitely helped us prevent incidents that could have impacted our staff.” By using Pulse’s real-time alerts, the security team can keep track of incidents or emerging risks that affect other organizations operating in the same market. This enables them to take proactive action to mitigate risks. “When there are security incidents affecting other organizations, we can immediately investigate and determine if they could affect us and inform other internal stakeholders,” said Krueger.

**No. 3. Increase credibility and contribution in decision making** By leveraging Dataminr Pulse’s real-time alerts and geovisualization capabilities, Krueger’s team has shown senior management that it can identify and respond effectively and quickly to incidents. Its adoption of Dataminr tools also demonstrates the tech-based approach of Deutsche Börse’s security operation toward digital transformation, which directly aligns with the overall strategy of the company. “Our analytical approach and actionable intelligence are important parts of our work. We have therefore become more involved in the decision-planning and -making process with company executives,” said Krueger. “During the start of the Ukraine-Russia conflict this year, we provided strategic insights, enabling the business to adopt contingency measures early, such as planning for additional staff and for potential business disruptions or impacts.”

**No. 4. Strengthen cross-functional collaboration and support** With access to Pulse’s real-time information, Krueger and his team members are able to provide cross-functional support to their colleagues, including those in cybersecurity, brand and reputation and compliance. “What is good about Dataminr is that we can transform a small team into an intelligence powerhouse. What we want to establish is a one-stop shop for intelligence. We aim to have a core team, which can pull in the information and provide all the different stakeholders with actionable intelligence,” said Krueger. To help prevent cyber attacks, the team gets alerted on any negative social media posts about Deutsche Börse and/or its executives that could trigger a cyber attack. “In time of sanctions, the risk of cyber attacks is increasing. That’s why it’s important for us to keep an eye on social channels so that we can take preventative action,” said Krueger.

**CASE 19: U.S. healthcare organization** A U.S. healthcare organization with approximately 30,000 employees and more than 100 hospitals and clinics turned to Dataminr and its real-time alerting solution, Dataminr Pulse to protect its staff, patients, facilities and brand—and better shield itself from the recent rise in cyber attacks on the healthcare industry. While Dataminr Pulse is able to detect risks and events from over 500,000 public data sources, the SOC only receives alerts on the information most relevant to its organization, based on priorities and needs. Take for example a high-risk event that occurred near one of the healthcare organization’s facilities. It posed a threat to employees and patients and had the potential to escalate. Because of Dataminr’s early detection, the SOC was able to immediately: notify key internal and external stakeholders, strategize on collective response efforts in real time and communicate the potential impact to the full organization and the community at large.

**Enhanced situational awareness** **Maintaining situational awareness of today’s risks is increasingly difficult given the unpredictability, frequency and types of threats facing the healthcare industry**. With Dataminr Pulse, the SOC is better able to prepare for such risks, from mass casualty incidents to cyber attacks, and maintain real-time visibility as they unfold. For instance, Dataminr Pulse alerted the SOC to a fire at one of its largest hospitals, five minutes after the fire started. This gave the hospital the extra time needed to respond, safeguard staff and patients and prevent as much damage as possible. As with all Dataminr customers, the healthcare organization has a dedicated customer success representative who provides any needed support and helps ensure the organization gets the most out of Dataminr Pulse.

**CASE 20: Radio Free Europe/Radio Liberty** RFE/RL is a public service media organization that provides independent news in places where a free press is banned by the government or not yet fully established. It operates in 23 countries in 27 languages, reaching 40 million people every week. Immediately following Russia’s full-scale invasion of Ukraine, there were concerns that Russian forces would enter Moldova next. When a bridge exploded at the Ukraine-Moldova border, Dataminr quickly alerted RFE/RL, allowing its journalists to be the first to report the news. The early warning gave RFE/RL a head start to fully verify and report on what had occurred. In a region with a polarized media landscape and widespread disinformation, this timeliness was particularly important and beneficial for both public safety and trust. “Dataminr really gives us a leg-up in rapidly developing breaking news situations,” said Patrick Boehler, RFE/RL’s Acting Head of Innovation and Audience Engagement. “We are often increasingly forced to report undercover in wartime areas, or entirely remotely, which can cause delays without a resource like Dataminr for News.”

**More efficient news gathering** “We see Dataminr [for News] as an incredible resource,” said Maja Zivanovic, Belgrade Bureau Chief for RFE/RL’s Balkan Service. “It gives us more time to focus on investigations or to follow up on stories because it can be our eyes and ears. We are updated in real time, which gives us the speed and accuracy in reporting that we are looking for to deliver trusted, independent news to our audiences.” For example, Dataminr for News alerts helped journalists in Serbia report on an increasing number of cyber attacks that took place across the Balkans. “We were floored to see that Dataminr managed to pick up information hiding in the dark web. When we were alerted by Dataminr that hackers uploaded information from Albania, we were able to piece the puzzle together that there was an Iranian-sponsored cyber attack happening in real time,” Zivanovic explained.

**Real-time alerting without physical borders** Reporting on cross-border developments is part of RFE/RL’s mission. So when Dataminr alerted local bureaus about a South Korean fugitive being held hostage in Serbia, Zivanovic and teams suddenly had access to extremely valuable information that allowed them to keep audiences across RFE/RL’s markets informed. “We never would have found out about the fugitive if we didn’t have Dataminr,” said Zivanovic. “Not only was that information impactful for our readers in multiple regions, it also provided a peace of mind that the right information will get to the right people, no matter where they are in the world.”

**CASE 21: Alnylam Pharmaceuticals** Since 2020, Alnylam Pharmaceuticals, headquartered in Cambridge, MA, has relied on Dataminr Pulse to ensure the safety of more than 2,000 employees worldwide and its critical facilities that manufacture life-saving medicines. We talked to Jeff DiPrimio, Alnylam’s Senior Director of Global Security and Building Operations, and Mike Bissen, Alnylam’s Global Security Operations Center (SOC) Manager, to understand how Dataminr Pulse became a trusted solution for their security operations. **A more sophisticated security operation** When DiPrimio joined Alnylam to build a global security program, he realized the organization needed to transform its security capabilities to support the growth of the business. It needed a global security operations center (SOC) to strengthen the overall security posture and increase technology integrations across its global offices.

After a period of relying on free alerting tools, subscriptions and websites—which required his team to manually navigate through thousands of alerts to discover potential threats— DiPrimio realized he needed a more sophisticated, automated solution, one that would be less time- and resource-intensive. That’s when Alnylam turned to Dataminr’s real-time alerting solution Dataminr Pulse. “We wanted to make sure that the information we receive is relevant, accurate and timely,” said DiPrimio. ”That’s where Dataminr came to play.” Bissen added, “We’ve moved from manually gathering information and going through it to using Dataminr [Pulse], which serves as the first filter so we can really get the alerts that may impact us. We’re in a much better position now to have our analysts assess risks before they need to escalate those risks to me,” said DiPrimio. “Most of the time, alerts have to go through our assessment process before they get to my decision making.”

In several cases, Dataminr was the first to alert DiPrimio and Bissen on incidents that were reported 15 minutes—sometimes even hours—later by other sources. “I can tell you it’s **Dataminr first. Probably over 95% of the time it’s Dataminr that gives us the first awareness of something that’s happening**,” said Bissen. “It’s almost instantaneous.” Being able to stay ahead of crises and threats has also helped DiPrimio and Bissen gain senior leadership’s trust and build credibility. By leveraging Pulse’s real-time information, these security leaders have been able to demonstrate that they can identify and respond effectively and quickly to incidents before their executives hear about them. “In the past, I would get emails from executives asking about an incident and whether it had any impact on the company. I had very little information. It was such a disadvantage for me because I didn’t have the critical information at my fingertips,” said DiPrimio.

**Increased employee safety** With access to Pulse’s real-time information, Alnylam’s global SOC has been able to more effectively ensure the safety of not only the company’s facilities, but also its most important asset: its employees. Take, for instance, when Pulse alerted the security team to a street crime outside one of Alnylam’s U.S. offices, ahead of the authorities. Bissen was able to alert his team and swiftly lock the main lobby doors, preventing any potential harm to onsite employees. Additionally, as the majority of Alnylam’s workforce has adopted a hybrid work model since the COVID-19 pandemic, it’s even more crucial that the company’s SOC has the right technology and tools to fulfill its duty of care, even when employees are working remotely.

**The value of real-time information** Below are a few more examples of how Dataminr Pulse has a proven itself a critical tool: **1.Provided advance notice of extreme weather events**, most recently the December tornadoes in Texas, allowing the global SOC to quickly inform and guide employees in affected areas and confirm their safety. **2.Helped the SOC stay abreast of geopolitical events in Tokyo and Istanbul** as they developed, ensuring the safety of company executives in the cities or traveling to them. **3.Alerted the security team of a fire near a critical manufacturing plant after business hours**. The team was able to quickly contact the site manager, who lives near the building and, as such, personally assessed the situation before security patrol officers arrived. **4.Identified a global network outage as soon as it happened**. This allowed the SOC to notify Alnylam’s IT, which was then able to mitigate any potential business disruptions.

**CASE 22: International Organization for Migration** Since 2020, the International Organization for Migration (IOM) has used Dataminr’s First Alert for its Missing Migrants Project to improve workflow efficiency to identify migrant deaths and disappearances around the world. The IMO has 175 member states, 8 states holding observer status and offices in 171 countries. In 2014, the International Organization for Migration (IOM) established the Missing Migrants Project to document incidents in which migrants, including refugees and asylum seekers, have died or disappeared at country borders or in the process of migrating to an international destination. The Project has recorded more than 60,000 deaths on migration routes worldwide since its inception, though figures remain undercounted due to data collection challenges. We spoke with Julia Black, Project Officer, and Andrea García-Borja, Data Analyst at IOM’s Global Migration Data Analysis Center, to understand how First Alert, Dataminr’s product for the public sector, became a crucial tool in helping their team gather data on migrant deaths and disappearances worldwide, more easily and effectively.

**How First Alert improves workflow efficiency** After six months of implementing First Alert into their workflow, Black and García-Borja did a formal comparison and saw that it was outperforming their other tools. In particular, when compared to the other tools the team was using, First Alert helps Black and García-Borja significantly reduce the time needed to go through the data they receive on a daily basis. “We did an analysis to see which tool captured the most data, as well as the most relevant data. It was Dataminr,” said Black. “It showed that First Alert was the best solution for our work.” García-Borja added, “The other tools showed one result for each article, so sometimes we would get hundreds of search results on the same thing. On the other hand, First Alert gathers all the information related to an incident and puts it under one theme or topic, which has been super helpful in making our process more efficient.” “We often spend a long time—several days to a week—trying to track down information to verify incidents,” said García-Borja. “Having access to real-time information through First Alert and the ability to track a news story does a lot of our work for us.”

**Using First Alert to detect shipwrecks worldwide** One of the key types of incidents on the Project team’s watchlist is migrant shipwrecks, which continue to occur globally. According to a recent UN release, in the Mediterranean Sea alone, more than 2,500 migrants died or went missing while trying to get to Europe in 2023. In November, First Alert alerted Black to a shipwreck off the coast of Senegal. **As First Alert delivers real-time alerts based on information translated from over 100 languages, she was able to understand the information—which was from an article in Wolof, a local Senegalese language**—and immediately inform the Project’s West and Central Africa office of the incident. The IOM West and Central Africa team was then able to contact local authorities and confirm that there was a search and rescue effort happening. “Because First Alert pointed us to this very isolated, hyper-local article, we were able to investigate and verify this incident, which we otherwise probably would’ve missed,” said Black. “We’re still looking into the exact number, but it could be over 100 missing people that we wouldn’t have known about, if it weren’t for First Alert.”

She also clarified that First Alert proves highly valuable to the Project’s work because authorities don’t always proactively notify IOM unless it reaches out first. Additionally, as First Alert generates alerts from over a million publicly available data sources, the team can stay abreast of all relevant news posted on social media by local authorities, such as the U.S. Coast Guard. “When the U.S. Coast Guard knows about a shipwreck, it often launches a search and rescue operation and shares periodic updates on its social media. Those updates are always picked up by First Alert,” said García-Borja. “So instead of having to go to X and search for the U.S. Coast Guard’s page, I can easily see all the developments in First Alert and document an incident.” Beyond enabling the Project team to effectively identify cases of missing migrants, First Alert has also helped improve other aspects of the employees’ work. “**First Alert has been really impactful for me because investigating migrant deaths everyday is hard on our mental health**,” said Black. “By having a tool that’s easy to work with and allows me to reduce the time manually going through dozens of articles a day, I’ve found my work to be more sustainable.” “And because we don’t need to spend a lot of time looking for information, we can allocate our resources and manpower to finding more informants, extending our networks on the ground, and more,” said García-Borja.

**CASE 23: Spot Hacktivist Activity Before It’s Too Late** On average, the number of weekly cyber attacks was up 8% globally in 2023 with experts pointing to artificial intelligence (AI), organized ransomware groups and hacktivism as key drivers. **Though hacktivism campaigns tend to be less damaging and less durable than other cyber threats, they are easy to ramp up** and thus usually start within hours of a political or social conflict. In the first quarter of 2023, this type of hacking activity accounted for 35% of cyber attacks. Cyber threat group, SiegedSec, gained momentum during Russia’s invasion of Ukraine and has since been involved in a number of high-publicity breaches. In addition to defacing websites, SiegedSec has compromised ICS and exfiltrated sensitive information and databases from both government and private sector companies.

**SiegedSec hacktivist activity at a glance** SiegedSec’s primary mode of attack is through SQL injection and cross-site scripting (XSS). Subsequent to an attack, SiegedSec posts almost exclusively on its Telegram channel—a source not often sufficiently covered by threat intelligence providers—to tout the successful compromise of its victims. This can not only leave a company and potentially its customers vulnerable, but could have rippling effects on brand reputation and overall business health. **Notable SiegedSec Attacks** * June 23, 2023 across Fort Worth, Texas city government: 150GB of data extracted and posted publicly * February 15, 2023 at Atlassian: Employee records exfiltrated and published * November 20, 2023 at Idaho National Laboratory: Personal data of employees at U.S. national security lab released online * April 16, 2023 at multinational energy company: Employees personal data and internal corporate data exposed

**Multinational energy company data breach detected** On April 16, 2023, SiegedSec published data exfiltrated from a multinational energy company and claimed to have access to the company’s administration panel. The breach exposed employees’ personal data, such as email addresses, names, departments and even vehicle information. Internal corporate data was also uploaded to an anonymous file sharing portal. The energy company, which was not a Dataminr customer at the time, was unaware of the breach until it was notified by another company. As that company is a Dataminr customer, it received an alert about the breach 10-15 minutes after it occurred. Recognizing its significance, it notified the energy company, allowing it to swiftly take action. The energy company put its incident response team immediately to work to determine the extent of the breach, mitigate the impact, patch vulnerabilities and harden its network.