On or around July 24, 2017, the Organization identified suspicious code on its e-commerce website and determined it was a sophisticated cyber-attack. The Organization removed the code and began investigating with the assistance of third-party forensic investigators.
Additional malicious code was identified on August 25, 2017. The code was capable of collecting payment information entered into the website?s customer check out page by customers. The Organization determined that that this incident may impact payment cards used to make purchases on the e-commerce site between May 29, 2017 and August 25, 2017. The incident did not impact customer information received by the Organization via telephone orders. The Organization was unable to rule out that an unauthorized actor may have also access a database containing customer information for certain transactions earlier than July 24, 2017. The Organization will be providing notice to these customers as well.
P2018-ND-066
File Type:
pdf
File Size:
332 KB
Categories:
2018