On November 14 and November 15, 2021, legal counsel confirmed the Organizations were the subject of a ransomware attack. On October 31 and November 4, 2021, the Organizations discovered that certain of their systems had been encrypted. The incidents did not impact the Organizations’ critical business operations. Having received no further information from the Organizations, my office asked the Organizations’ legal counsel on May 9, 2023, if the Organizations could confirm whether their investigation into the incidents was complete and whether the Organizations notified affected individuals. The Organizations reported the investigation was complete on or around May 18, 2022. On September 18, 2023, the Organizations reported, “At the time, there was no hard evidence that personal information had been compromised and based on this initial assessment, no report was filed with your office.” The Organizations reported affected individuals were notified as described below.
P2023-ND-020
File Type:
pdf
File Size:
777 KB
Categories:
2023