On May 25, 2018, an employee in the Organization?s Toronto office received a phishing email from a known and trusted business partner whose system had been exploited by an outside party. The phishing email convinced the employee to provide her email login credentials, which resulted in the outside party gaining unauthorized access to the employee’s email account on June 12, 2018. Once the outside party gained unauthorized access, they changed the employee’s email configuration to hide the outside party’s activity, and synchronized the employee’s email with a remote computer. The outside party used their access to the employee’s email account to send phishing emails to the contacts in the employee’s address book. During the period the outside party had access to the email account, they had the ability to access the emails in the employee’s email account. The Organization has not found any evidence that the unauthorized party reviewed, read, or downloaded emails from the compromised email account. No parts of the Organization?s systems or business were affected by the breach other than the employee’s email account. The breach occurred from June 12, 2018 to June 13, 2018. The incident was discovered on June 13, 2018.
P2018-ND-127
File Type:
pdf
File Size:
334 KB
Categories:
2018