P2018-ND-093

On June 29, 2018, an employee of the Organization received a suspicious email from a random domain that looked like a phishing email and contained the address of one of the Organization?s physical locations. The employee shared the information internally with the e-commerce team, and reported the email to the information technology department. The Organization?s investigation indicates that an unauthorized person gained access to the back end of the e-commerce platform remotely, and placed a script allowing the collection of order information as the order was placed. It appears the unauthorized third party was able to access the e-commerce platform remotely using the username and password of an employee with administrator privileges. Customers who used the online e-commerce platform at www.jysk.ca between June 4 and June 29, 2018 were affected.

File Type: pdf
File Size: 332 KB
Categories: 2018