On or about March 28/29, 2020, an unknown individual accessed an employee?s e-mail inbox. The attacker set up an auto-forwarding rule which caused certain emails containing personal information of a group of employees and contractors to be forwarded to an external Gmail account. The Organization determined the attacker had somehow obtained the employee?s credentials (password) and accessed the account through a legacy protocol. The Organization?s investigation did not conclusively find evidence regarding how the credentials were obtained by the attacker (such as phishing, malicious website, or guess/use of a previous password) and confirmed the access by the attacker was limited to one email inbox. The Organization reported there was no evidence to determine that the attacker had accessed any other personal information in the inbox; however, the Organization could not conclusively determine that other information in the inbox had not been accessed. Therefore, the Organization reviewed the subject inbox to determine whether additional employees might have been exposed.
? The breach was discovered on April 1, 2020 when the Organization?s IT Manager received an email alert concerning a potential security issue.
P2020-ND-178
File Type:
pdf
File Size:
637 KB
Categories:
2020