On April 5, 2021, an unauthorized user with an IP address in Nigeria, gained access to an employee’s email account. The unauthorized user accessed the account multiple times between April 5, 2021 and April 8, 2021. On April 8, 2021, the unauthorized user attempted to initiate a fraudulent wire transfer by using the compromised e-mail address to authorize the wire transfer of an account the Organization believes is controlled by the unauthorized user. Also on April 8, 2021, the Organization’s stakeholders received the fraudulent email posing as an Organization employee. The Organization’s investigation concluded that the unauthorized access to the email account was via web access and that there is no evidence of mailbox synchronization. In June and July 2021, the Organization began to determine which emails and documents in the email account contained personal information. The Organization was not able to determine how the unauthorized user accessed the e-mail account. However, there was evidence of multiple failed login attempts prior to the successful login. This suggests a brute-force attack. The Organization has not been able to determine the extent to which the personal information contained in emails and documents in the email account were accessed by the unauthorized user.
P2022-ND-045
File Type:
pdf
File Size:
624 KB
Categories:
2022