P2021-ND-179

On February 5, 2019, the Organization was informed by another franchise owner that individuals from the corporate store entered the Organization?s location saying they were there to update the Organization?s point of sale system. The Organization believed these actions to be suspicious as the corporate office did not provide IT support previously. On February 8, 2019, the Organization discovered spyware (called ?Spyrix?) installed on its computer remotely. On February 14, 2019, the Organization contacted the corporate office, and the corporate office said it removed the software but wanted to reinstall it. The Organization reported that shortly after receiving OIPC breach notification Decision P2020-ND-120 (related to this matter), the Organization discovered ?an entire database of customers? that may be at risk. The Organization reported ?our systems (point of sale systems) are cloud base [sic] and all connected which is why i [sic] have reason to believe all of the information tied to the systems were or are at risk.?

File Type: pdf
File Size: 722 KB
Categories: 2021