On April 14, 2017, the Organization reported an incident involving unauthorized access to information systems to the Office of the Information and Privacy Commissioner. Breach notification decision P2017-ND-65 was issued on May 25, 2017. At the time, the Organization believed all malware operating on its websites had been identified and removed. On October 16, 2017, while running routine scans, the Organization again identified unusual code running on its websites. The Organization retained a new third-party forensic investigator to determine what happened. The new investigators confirmed that the malware was not a new attack but already existed at the time of the original investigation and had not been removed as originally thought. The previously unidentified malware was removed on October 6, 2017 and investigators have confirmed no other malware exists. The new investigation confirmed that the malware may have stolen the information at issue from some payment cards used at www.fightgear.com, www.fitness1st.com, www.ringside.com, and www.combatsports.com between July 1, 2015 and October 6, 2017.
P2018-ND-010
File Type:
pdf
File Size:
332 KB
Categories:
2018