P2016-ND-47

On July 15, 2016, a forensics firm retained by the Organization identified evidence that malware was present on many of the Organization's point of sale registers. The Organization believes the malware was installed by an unknown third party between January 2, 2016 and July 17, 2016, enabling unauthorized parties to access names and payment card data. Payment information used on the Organization's ecommerce website was not affected. On July 18, 2016, the Organization alerted all employees with email access to the possibility of social engineering attacks, and asked personnel to contact security to report any such activity. The Organization's IT team blocked certain IP addresses and URLs across the enterprise; required password changes for all domain admin accounts and certain service accounts; implemented blocking on Word macros and Adobe Flash; and began increased enterprise monitoring. On the following day, after effective containment actions were taken, social engineering attempts were thwarted by employees and security. On July 19, 2016, an email was received by a store manager in Ontario complaining about service in the store, and asking the manager to open an attached Word document to review “details” of a complaint.
