In August 2017, in response to customer reports of fraudulent activity on their credit/debit cards, the Organization conducted an investigation of its e-commerce website. The investigation revealed that an unauthorized JavaScript link had been introduced to the ?footer? of the website. The link was designed by an unauthorized third party to harvest data submitted via a web form and exfiltrate the data to the unauthorized third party. The Organization determined that between April 24, 2017 and August 4, 2017, the unauthorized third party may have acquired information about Alberta residents who provided new or updated information. There is no indication that there was exposure of any then-existing information that had been previously provided to the Organization.
P2018-ND-062
File Type:
pdf
File Size:
329 KB
Categories:
2018