P2021-ND-025

The Organization maintains an online store (www.apwa.net/store/), through which members can pay dues, purchase merchandise and educational resources, and register for events. On or about May 8, 2020, the Organization was notified about a potential scripting issue within the software that supports its cloud-based association management software. On or about May 15, 2020, the Organization was notified that the issue was a vulnerability that presented a security risk because it could facilitate a ?man in the middle attack? whereby a threat actor could compromise payment card information at the point of sale in its online store. On June 23, 2020, the forensics investigation determined that the payment card information of customers who made purchases through the Organization’s online store between April 10, 2020 and May 20, 2020 was accessed by an unknown and unauthorized third party, leading to the potential compromise of certain customers? payment card information.

File Type: pdf
File Size: 601 KB
Categories: 2021