BlackBox in the Field · Case Studies

The Breach
That Almost Happened.

Real threat scenarios across real industries. Every case below reflects the kind of exposure that organizations discover — usually too late. BlackBox was built to make sure they don't have to find out the hard way.

* Scenarios are representative of documented threat patterns. Identifying details are illustrative.

Construction
Strip Seal APC
The Blueprint Leak — When the Bid Was Already Lost
A regional contractor's pre-tender site plans contained GPS coordinates, CAD software authorship metadata, and an internal file path that named the client. A competitor had the bid before it was submitted.
$2.4M
contract value at risk
The Situation

A mid-size construction firm was competing for a $2.4M government infrastructure contract. Standard practice: exchange preliminary drawings with the client via email before the formal tender. Standard practice was the problem. Those PDF drawings were exported directly from their CAD system, metadata intact.

The Threat

The exported drawings contained the drafter's full name and employee ID, the internal project folder path (which named the client explicitly), GPS coordinates embedded during a site survey, and software version fingerprinting that revealed their entire toolchain. A competitor running even basic metadata extraction would own the intelligence picture.

The Exposure

Competitor intelligence is only the beginning. Under GDPR and equivalent Caribbean data protection frameworks, leaking client project details — even accidentally — carries regulatory liability. The reputational damage of losing a tender because your own documents briefed the competition? Unquantifiable. The lost contract: $2.4M.

The BlackBox Response

Strip removes all metadata from exported CAD drawings, PDFs, and site images before they leave the building — GPS, authorship, software fingerprints, internal paths, all of it. Seal creates a cryptographic manifest for every document shared externally, proving exactly what was sent and when. APC monitors the network for any anomalous outbound traffic patterns that suggest document exfiltration is already in progress.

The Outcome

With Strip deployed at the point of export, every document leaving the firm is clean — no metadata, no fingerprints, no intelligence value for a competitor. The tender process becomes what it was supposed to be: a competition on merit. Seal gives the client a verifiable chain of custody for every shared document. APC flags if anything unusual leaves the network. The firm wins on their work, not in spite of their documents.

Bottom Line
"You spent months designing those plans. Don't let the file tell the story before you do."
Legal
Strip VanGuard Seal
The Privileged Communication That Wasn't
A law firm shared discovery documents with opposing counsel as required. What they didn't intend to share: tracked changes, deleted comments, the partner's personal annotations, and the name of a confidential witness.
Case
dismissed · metadata fault
The Situation

A litigation firm representing a corporate client in a contract dispute was compelled to produce documents in discovery. The documents were reviewed, redacted, and sent as PDFs. What the partner didn't know: the Word documents the PDFs were printed from still had track changes enabled — and the PDF export preserved the revision history in its metadata stream.

The Threat

The metadata contained deleted paragraphs the firm had decided not to include, a partner's handwritten annotation naming a confidential informant, and revision timestamps that showed the document was altered 22 minutes before submission. Opposing counsel's technical team found it in under an hour. The firm had inadvertently briefed the other side.

The Exposure

Attorney-client privilege challenges. A motion to strike based on the altered submission timeline. Disclosure of a protected source. Bar association complaint. The case was ultimately dismissed on procedural grounds arising from the metadata revelation. The client's $11M claim went with it.

The BlackBox Response

Strip removes revision history, tracked changes, comments, and all document metadata before any file leaves the firm — regardless of format. Seal timestamps and signs the clean version, creating an unimpeachable record of exactly what was produced and when. VanGuard encrypts all document transfers between attorneys and clients, ensuring nothing is intercepted in transit.

The Outcome

Every document produced in discovery is stripped clean before it leaves the firm. The chain of custody is cryptographically provable. What you intended to produce is exactly what they receive — nothing more, nothing less. The firm's obligations are met. The client's privilege is protected. The partner sleeps.

Bottom Line
"The document you produce in discovery should contain your argument. Not your strategy."
Healthcare
Strip Lens APC
The Radiology File That Named the Patient
A hospital's radiology department shared anonymised scan images with a research partner. The DICOM metadata embedded in every image contained the patient's full name, date of birth, and treating physician. 847 patients. Zero consent.
847
patients exposed
The Situation

A regional hospital partnered with a university research program to share de-identified scan data for an oncology study. The clinical team exported DICOM images, confirmed the visual content contained no identifying information, and transmitted the dataset. No one checked the file headers.

The Threat

DICOM is the standard format for medical imaging. It is also a richly structured metadata container. Every image in the dataset contained PatientName, PatientID, PatientBirthDate, InstitutionName, ReferringPhysicianName, and study timestamps. The "anonymised" dataset was a complete patient roster with associated medical conditions.

The Exposure

HIPAA violation. GDPR breach notification obligation. Regulatory fines up to 4% of annual revenue. Individual patient notification for 847 people. Civil liability for psychological harm. Reputational damage to both the hospital and the research partnership. The research program was suspended pending investigation.

The BlackBox Response

Strip processes DICOM and medical image formats, scrubbing all patient-identifying fields from the file structure before export — the scan content is preserved, the identity is gone. Lens audits the hospital's network posture to identify DNS leaks, unencrypted connections to research partners, and any exposure vectors in the data transfer pipeline. APC monitors all outbound data flows from clinical systems, flagging large transfers for review before they leave the network.

The Outcome

Research partnerships proceed without compromising patient privacy. Every shared file is genuinely anonymous — not visually anonymous, structurally anonymous. APC's monitoring means the compliance team has a real-time picture of what's leaving the network. If something goes wrong, the forensic log is already waiting.

Bottom Line
"The image was clean. The file wasn't. Those are not the same thing."
Finance
Strip APC VanGuard
The M&A Document That Moved the Market
Due diligence documents for an unannounced acquisition were shared between advisory teams. The metadata told a story the NDA couldn't contain — and the stock moved three days before the announcement.
SEC
inquiry initiated
The Situation

A financial advisory firm was managing a mid-market acquisition — a listed company acquiring a private target. Standard NDA in place. Documents were shared over encrypted email between the buyer's team, the seller's counsel, and the advisory firm. The metadata on those documents was not part of any NDA.

The Threat

The financial models shared in Excel format contained the author's company name, the acquisition target's name in the file path, and revision history showing the deal structure had changed twice in 48 hours — suggesting a closing timeline. The document had been opened by 14 people across 4 organisations before the deal closed. Any one of them had the intelligence picture.

The Exposure

Unusual options activity three trading days before announcement. SEC inquiry. Material non-public information (MNPI) liability. The advisory firm faced sanctions. The deal closed — but the investigation cost more in legal fees than the advisory mandate was worth. One metadata field. Multiple careers at risk.

The BlackBox Response

Strip cleans every document in the deal room before distribution — models, memos, term sheets — regardless of format. APC monitors network access patterns across the advisory team's systems, flagging anomalous access to deal-sensitive files at unusual hours. VanGuard encrypts all inter-firm communication, ensuring documents can't be intercepted between parties.

The Outcome

The deal room is clean. Every shared document contains exactly what it's supposed to contain. APC's access logs are the compliance team's alibi — if a regulator ever comes asking, the firm can demonstrate exactly who accessed what and when, with a cryptographically sealed audit trail. That's not just good security. That's how you keep your licence.

Bottom Line
"You signed the NDA. You forgot to sign the metadata."
Government
APC Seal VanGuard
The Procurement Record That Wasn't Sealed
A government ministry's procurement process was challenged in court. The digital records existed. The chain of custody didn't. Without cryptographic proof of integrity, the documents were inadmissible — and the contract award collapsed.
$8.7M
contract award voided
The Situation

A regional government ministry awarded an $8.7M infrastructure contract following a competitive tender process. An unsuccessful bidder challenged the award, alleging that evaluation scores had been altered after the fact. The ministry had the documents. They could not prove the documents hadn't been touched.

The Threat

Without a cryptographic seal applied at the moment of creation, every document in the procurement record was suspect. Modification timestamps can be altered. File system logs can be cleared. The ministry's IT team had no mechanism to prove the evaluation records had not been changed between scoring and challenge. The allegation didn't need to be true to be effective.

The Exposure

Contract voided pending re-tender. Ministry officials under administrative investigation. 18-month project delay. Legal costs exceeding $400,000. Political fallout. And critically — because the documents couldn't be authenticated, the ministry couldn't demonstrate its own innocence. The absence of a seal was treated as evidence of something to hide.

The BlackBox Response

Seal applies a cryptographic SHA-256 signature to every procurement document at the moment of creation — evaluation forms, scoring matrices, award recommendations. Any subsequent modification is immediately detectable. APC provides a complete, tamper-evident log of every access to procurement records across the ministry's network. VanGuard encrypts all inter-departmental communication during sensitive procurement phases.

The Outcome

Every document is sealed the moment it exists. The chain of custody is mathematical, not procedural. When a challenge comes — and in government procurement, it always comes — the ministry doesn't need to argue. It opens the Seal log, presents the cryptographic manifest, and the question answers itself. Clean process. Provable process. The same thing.

Bottom Line
"Integrity isn't just about doing the right thing. It's about being able to prove you did."
Oil & Gas
Strip APC Seal
The Survey Image That Marked the Field
Seismic survey images shared with a joint-venture partner contained embedded GPS coordinates and acquisition timestamps. Before the exploration licence was formally registered, a third party had staked an adjacent claim.
$40M+
exploration value disputed
The Situation

An independent exploration company completed a seismic survey of a prospective offshore block in the Caribbean. Preliminary results were shared with a potential joint-venture partner during due diligence — standard images exported from the acquisition system, sent over encrypted email. The encryption protected the channel. It didn't touch the content.

The Threat

The survey images contained acquisition GPS coordinates precise to within 3 meters, survey timestamps establishing exactly when and where the team had operated, equipment serial numbers traceable to the survey contractor, and processing software fingerprints. Anyone who received those images knew where the prospect was before the licence was registered.

The Exposure

An adjacent claim was filed 11 days after the survey images were shared. The exploration company could not prove the coordinates had come from their data. The dispute cost two years of legal proceedings and a negotiated settlement that gave the adjacent claimant rights to a portion of the block. Estimated value transferred: in excess of $40M. The JV partner was never formally implicated.

The BlackBox Response

Strip removes all geographic metadata, acquisition timestamps, and equipment fingerprints from survey images before they leave the exploration team's systems. Seal creates a cryptographic record of the original, unsealed data — so the company retains proof of its own priority without ever sharing it. APC monitors access to survey data across the team's network, maintaining a forensic log of exactly who accessed the raw files and when.

The Outcome

Due diligence packages go out clean. Partners see the interpreted results — not the coordinates that generated them. The company's priority is protected by the Seal log, not by trust. If a dispute ever arises, the forensic chain of custody proves who had the data first. In a jurisdiction where exploration rights are fought in court, that chain is worth more than the survey itself.

Bottom Line
"You encrypted the transmission. You forgot to encrypt the story inside the file."

Your Industry. Your Data. Your Responsibility.

The next case study
shouldn't be yours.

Every scenario above reflects a real category of exposure that organisations discover — usually after the damage is done. BlackBox gives you the tools to make sure you're never the cautionary tale.