On March 10, 2019, the Organization experienced an encrypted ransomware attack that affected access to a majority of the Organization?s IT systems and internal servers. The attacker demanded payment of a ransom in exchange for restored access to these systems. The incident was discovered the same day by staff investigating a help desk ticket related to email performance. The Organization?s investigation has not found any evidence to indicate there was any exfiltration of personal information, however this possibility cannot be conclusively ruled out. For a brief period of time while the system was being restored, files containing employee personal information did not have the proper access restrictions in place. This vulnerability was corrected within an hour of the issue being discovered. The systems were restored from March 11, 2019 – March 27, 2019.
P2019-ND-165
File Type:
pdf
File Size:
623 KB
Categories:
2019