In early April, a third-party security provider alerted the Organization to suspicious activity involving potential unauthorized access to customer information. The Organization investigated and determined that between March 25 – 26, 2018 an unauthorized third-party accessed and acquired the full names, email addresses, and salted and hashed passwords of certain registered users within a database accessible through one of the Organization?s public online stores, buy1.snapon.com. Other personal information in the database was encrypted and there is no evidence that this data was accessed or acquired. Payment card numbers would not have been accessible because the Organization uses a third party to handle payment processing, and does not receive any payment card information; therefore, the information was not present in the database.
P2018-ND-074
File Type:
pdf
File Size:
329 KB
Categories:
2018