P2021-ND-309

The Organization stores certain information for its Canadian affiliates on its servers. On January 21, 2021, the Organization?s security controls reported suspicious activity on this network. The Organization investigated, and determined that an unauthorized actor entered the Organization?s environment between January 21 and 23, 2021, accessed certain files, and took a limited number of files. On May 4, 2021, the Organization determined that the potentially compromised files contained the personal information of certain individuals. However, the Organization does not currently have evidence that the files containing personal information were actually taken or accessed by the unauthorized actor. The Organization reported, ?Because of the uncertainty surrounding the incident, and the inability to positively exclude access to or taking of personal information, [the Organization] made the decision to notify all individuals who had personal information stored on the drive areas where there was evidence of potential access…?.

File Type: pdf
File Size: 621 KB
Categories: 2021