On March 5, 2018, the Organization received a phishing email from a company that had an existing business relationship with the Organization. The company had itself been compromised. The phishing email was primarily blocked by the Organization?s anti-spam filter; however, one (1) user who received the email clicked the link displayed and several emails were sent from his mailbox leading three recipients to also click the link and provide their authentication information. Three email accounts were ultimately compromised. Approximately 2,500 emails were sent from the compromised email accounts and the hacker had the ability to access a limited amount of personal information inside those accounts, including an email attachment containing the information at issue. There is no evidence the attachment was opened, downloaded or transferred during the attack. The Organization advised affected individuals that it became aware on March 14, 2018 that an unauthorized person may have accessed the personal information.
P2018-ND-083
File Type:
pdf
File Size:
332 KB
Categories:
2018