P2022-ND-062

A database containing customer personal information was used without authorization by a former employee whose employment was terminated in 2021. The unauthorized access was discovered on or about March 25, 2022, after customers notified the Organization about unsolicited emails received at email addresses “that they have only shared with the dealership.” Some of the affected individuals explained “they had not given consent… to the sender or his organisation” and “have not signed up for the newsletter / information pdf” they received. It is believed that the former employee retained a copy of the Organization’s customer database – which they had access to during their employment – and are “utilizing the customer data base [sic] information to solicit and send spam that was not agreed to by… customers.” It is also reported that “the individual in question has already tried to represent himself as a member of the company while accessing customer data.” The Organization’s attempts to contact the unauthorized party and retrieve or destroy the records have been unsuccessful.

File Type: pdf
File Size: 730 KB
Categories: 2022