Apple Canada Inc.
An external party may have phished one of the Organization?s employee?s credentials and queried the central system that stores iTunes customer account information. The Organization reset the credentials used by the external party upon discovery of this incident, thereby terminating the external party’s ability to access the system containing iTunes customer account information. The third party was able to access the account information for 2 individuals in Alberta prior to the termination of their access to the system. Internal monitoring tools detected suspicious activity in the central system and these alerts were quickly escalated for response and review. The incident occurred on September 14, 2018 and was discovered the same day.