P2019-ND-159

On February 14, 2019, the Organization identified a security misconfiguration of an online portal used for internal administrative purposes. This resulted in some customer data potentially being accessible through online search engines when using specific search terms. The Organization estimates that that the earliest date from which some elements of the data was unsecured was February 1, 2016. The data was secured on February 15, 2019. The Organization reported that log information indicates the data was accessed by users and search engines, but it is unable to determine if the access was malicious or unauthorized. The Organization?s customer and booking system websites were unaffected by this incident.

File Type: pdf
File Size: 533 KB
Categories: 2019