P2021-ND-208

On January 7, 2021, the Organization discovered a key logger on its e-commerce platform upon completing a routine vulnerability scan. The Organization confirmed that, on December 27, 2020, an administrator account was used to upload a picture containing malicious PHP code to the Organization?s catalog of website photos. The malicious code acted as a key logger that captured the information entered by the Organization?s customers upon checkout. Customer personal information and payment details entered on the website between December 27, 2020 and January 7, 2021, may have been accessed without authorization.

File Type: pdf
File Size: 613 KB
Categories: 2021