On June 20, 2016, the Organization was informed that one of its vendors had been the victim of a potential computer intrusion. An unauthorized user gained administrative access to the vendor's systems on April 23-24, 2016, and issued commands to delete all the data housed on the vendor's servers. That data may have included the information at issue, which had been collected by the vendor on the Organization's behalf. There is no evidence indicating that credit card data was accessed or acquired by an unauthorized user or that the unauthorized user intended to steal data. However, the vendor is not able to definitively rule out any unauthorized access to or acquisition of data because data potentially relevant to its forensic investigation was deleted by the unauthorized user.

