P2017-ND-077

Kids & Company Ltd.

On February 8, 2017, an employee with the Organization discovered that she had access to employee files she did not normally have access to and reported it to the Organization. The Organization investigated and found that permission settings on shared file drives were lost during migration of data to a new server. The Organization reported it is possible unauthorized access began in January 2015 when the server was provisioned and data migrations began. The information was accessible to internal employees who had a valid account between the period of January 2015 and February 9, 2017; however, many employees were not able to view the folders as they were not mapped on their network drive. The Organization is unable to confirm whether or not the files were actually accessed as detailed access logging and auditing was not enabled. The breach affected the Organization?s entire workforce of current and past employees.

File Type: pdf
Categories: 2017