P2018-ND-087

The Organization?s EssoExtra Loyalty Program mobile application, which is hosted and managed externally by the Organization?s third party vendor, Exchange Solutions International, was the focus of an attack by an unknown third party. As a result, loyalty program member accounts were accessed by a third party, allowing a perpetrator to redeem points for merchandise and gift cards in BC and Alberta. The unauthorized activity occurred between February 11, 2018 and March 22, 2018 and was first identified on February 21, 2018. Technical defects were researched and confirmed March 9, 2018 and then the required corrections were implemented on March 15, 2018 and March 22, 2018.

File Type: pdf
File Size: 342 KB
Categories: 2018