On or about December 8th, 2016, a phishing email was received by an employee of the Organization which went undetected and the employee’s credentials were provided to the malicious attacker. The attacker then accessed the employee’s Outlook Web Access and added an email forwarding rule so all emails received by the employee were also forwarded to the malicious attacker’s mailbox. This resulted in data leaving the Organization’s control and being inadvertently disclosed, including the personal information at issue. The inadvertent disclosure occurred on two different dates: March 21, 2017 and April 6, 2017.
File Type:
pdf
File Size:
330 KB
Categories:
2017