P2020-ND-065

On July 1, 2019, the Organization learned an employee’s email account was compromised by an unknown actor through a phishing email sent on August 15, 2018 from a well-known supplier of the Organization. The attack spread to 28 other user accounts. The unknown actor placed an automatic forwarding rule on the accounts, which forwarded all incoming emails to an unauthorized Gmail account. The Organization disabled the rule on July 1, 2019 and reported there was no further unauthorized disclosure of personal information in connection with this incident.

File Type: pdf
File Size: 618 KB
Categories: 2020