P2018-ND-002

On August 1, 2017, and again on August 17, 2017, an intruder accessed the Organization?s human resources data base using misappropriated administrator credentials. The accesses lasted for 1 and 35 minutes each, respectively. The database contains approximately 300 records of current and former employees. A human resources employee discovered the unauthorized accesses on August 21, 2017. The Organization?s access logs indicate the intruder made several changes to the database information, including to vacation requests, user profiles, salary and address information. The Organization reported that its HR database provider ?believes that the person responsible obtained the Admin username and password either as a former employee or from a former employee.?

File Type: pdf
File Size: 331 KB
Categories: 2018