In 2009, the Organization sent letters inviting its customers to register in a web portal which would allow online access to various vehicle information. The invitation letters included a Personalized URL, or ?PURL?. The PURL registration pre-filled certain customer information. On March 2, 2011, the Organization noted an activity report showed an unusual volume of requests from a single IP address (the ?Anomaly IP?) between February 12 ? 23, 2011. On investigation, the Organization discovered 26,632 PURLS had been accessed. The Organizaton could not determine exactly how the breach occurred. It remains possible that its customer database was accessed.
File Type:
pdf
File Size:
186 KB
Categories:
2011