P2016-ND-36

On February 3, 2016, an employee of the Organization received a phishing email, disguised as an email from the Organization?s CEO. The email requested names, addresses, social security numbers, social insurance numbers, dates of birth, and salary information for all active employees, including those of the Organization?s subsidiary companies. Believing the email to be legitimate, the employee replied to the message on the day the email was received and attached a spreadsheet with the requested data. The Organization learned of the incident on February 29, 2016, through the employee who had responded to the phishing email.

File Type: pdf
File Size: 175 KB
Categories: 2016