P2018-ND-089

Between February 12, 2018 and February 15, 2018, the Organization received calls from thirteen (13) customers reporting that an alleged employee of the Organization had telephoned them with information relating to delivery, mattress pick-up, or a refund. The Organization has no record of the named employee and no calls were authorized or condoned by the Organization. In twelve (12) of the cases reported, the individual stated that in order to reschedule a delivery or mattress pick up, a charge would apply, and asked the customers for credit card information. The remaining one (1) customer was called in relation to a refund owing to the customer, and was also asked to provide credit card information. In total, the individual was successful in obtaining credit card information from three (3) customers, including one resident of Alberta. The Organization has audited access activity on the potential systems that were used to obtain the customers’ information and no suspicious activity has been identified as of yet. The Organization has reached out to its third party delivery supplier who accesses customer data to investigate the source of the data breach. The cause of the breach is undetermined at the time of the Organization?s report of the breach.

File Type: pdf
File Size: 341 KB
Categories: 2018