An unauthorized user gained administrative access to the Organization’s vendor?s systems on April 23-24, 2016, and issued commands to delete all the data housed on the vendor?s servers. That data may have included the information at issue, which had been collected by the vendor on the Organization?s behalf. While there is no evidence that credit card data was accessed or acquired by an unauthorized user, or that the unauthorized user intended to steal data, the vendor cannot rule out any unauthorized access to or acquisition of data because data was deleted by the unauthorized user.
File Type:
pdf
File Size:
332 KB
Categories:
2017