P2017-ND-084

On February 10, 2015, the Organization was notified by a service provider of potential malware activity targeting its payment card systems on a server. The Organization initiated an investigation and hired a third party forensic investigator. The investigation revealed 2 malware output files containing payment card information on an Organization server. The malware targeted the systems between November 18, 2014 and December 5, 2014. The forensic investigator concluded that there was no direct evidence that payment card information was removed. On November 19, 2015, the Organization was notified by a payment card company that potentially fraudulent activity had been noted with respect to payment cards used at Organization properties between February 10 and November 19, 2015. The Organization has not identified any complaints as a result of the incident affecting Canadian individuals.

File Type: pdf
File Size: 336 KB
Categories: 2017