Matchlight was born out of a simple conversation. A Chief Information Security Officer at a bank asked us to tell him if one of his client lists was ever leaked to the internet. The catch? He couldn’t actually ever provide us with the list. Intro- Digital Fingerprinting.
We built Matchlight to do just that — to search for information on behalf of our clients that is so sensitive, they wouldn’t even trust us with it. But being blind has another advantage. Our founding thesis at Terbium is that no organization is 100% safe, and that all sensitive data is at risk of breach by sufficiently motivated actors. So by avoiding the need to store our clients’ sensitive data, we avoid increasing their attack surface, even if they do trust us. In the unlikely event that our data store was compromised, there would be nothing in there worth stealing.
So how do we do it? How does Matchlight search for data without needing to know what the actual data is? We accomplish that through a technique we developed ca