On May 28, 2020, the Organization discovered that customer personal data had been accessed by one or more unauthorized persons in February. The Organization discovered that two domains were hosting a replica of the Organization?s website; one in Iran, and the other in India. A recently hired developer made an unauthorized back up copy of the Organization?s database and website, and imported the data to an unauthorized server. The system was unprotected, with ports open to the internet. The Organization?s investigation indicated that the back up data was accessed by an IP address originating in China. The Organization reported that it relocated its systems from the hosting facility where the data was copied by the developer into Amazon Web Services, to reduce the likelihood of reoccurrence.
P2020-ND-158
File Type:
pdf
File Size:
617 KB
Categories:
2020