On December 21 and 22, 2020, malicious actor(s) accessed an employee email account and used it to create a fictitious account and post a job for a receptionist on an employment recruitment site. The breach was discovered when an acquaintance of a staff member inquired about the job posting. On December 22, 2020, the Organization determined that it was not a valid job posting. On December 22, 2020, the malicious actor(s) also sent emails from the breached email account to two individuals with malicious links (a link created with the purpose of promoting scams, attacks and frauds) requesting personal information. The Organization reported that it does not know how the account was accessed. Based on its investigation, only the emails and documents within the breached email account would have been accessible. The Organization did not receive responses or personal information from the two affected individuals to whom the emails were sent from the breached account.
P2021-ND-307
File Type:
pdf
File Size:
631 KB
Categories:
2021