P2020-ND-038

On November 14, 2019, the Organization discovered a vulnerability in the shopping cart function on its website that allowed an unauthorized user to record information in the shopping cart. The incident was discovered by a consumer using the site, who reported it to the Organization. The Organization reported that an unauthorized individual or group extracted personal information by executing a vulnerability in the code of the third party used for the shopping cart function. The investigation determined that the unauthorized person was able to obtain the personal information at issue during the period of March 1, 2019 through November 14, 2019. The incident did not affect any other part of the site or other information maintained by the Organization.

File Type: pdf
File Size: 607 KB
Categories: 2020