On June 4, 2018, the Organization was made aware that anomalous software had been installed on its server. On June 28, 2018, the Organization?s technical investigators confirmed the software had the capability to enable the intruder to gain access to customer databases containing personal information provided by customers when making online orders, and to intercept credit or debit card details at the point of sale. The unauthorized access is believed to have taken place between December 7, 2017 and May 22, 2018. The Organization is unable to definitively conclude whether personal data or debit/credit card details were in fact exfiltrated, but consider this to be likely as the attacker had the access and tools required.

File Type: pdf
File Size: 332 KB
Categories: 2018