P2018-ND-019

On April 10, 2017, the Organization learned that its loyalty program website, which is hosted by a vendor, was attacked by an unknown third party using IDs and passwords. he attack attempted to login and access customer loyalty accounts. The attack was discovered by the Organization?s vendor as part of normal alerting on website traffic. The Organization investigated and believes that usernames and passwords may have been available to the unauthorized third party through illicit means (i.e. dark web). There is no evidence that the usernames and passwords were acquired from the Organization. The attack occurred between April 9, 2017 and April 10, 2017.

File Type: pdf
File Size: 332 KB
Categories: 2018