On June 27, 2016 the Organization learned that one of its vendors had been the victim of a potential computer intrusion. An unauthorised user gained administrative access to the vendor?s systems on April 23-24 2016, and issued commands to delete all the data housed on the vendor?s servers. That data may have included the information at issue, which had been collected by the vendor on the Organization?s behalf. There is no evidence indicating that credit card data was accessed or acquired by an unauthorised user or that the unauthorised user intended to steal data. However the vendor is not able to definitively rule out any unauthorised access to or acquisition of data because data potentially relevant to its forensic investigation was deleted by the unauthorized user.
P2017-ND-078
File Type:
pdf
File Size:
332 KB
Categories:
2017