P2018-ND-145

Plant Therapy, Inc.

On May 11, 2018, the Organization learned of a potential data security incident involving the unauthorized installation of malware on the ecommerce web platform of its third-party provider. The malware created an iframe overlay designed to capture billing details entered by the customer during the shopping cart checkout process. The incident potentially exposed the payment card information of individuals who made purchases on the ecommerce website between March 29 and May 11, 2018. On July 20, 2018, ongoing monitoring efforts revealed additional individuals may have been affected by the incident. These additional individuals may include customers who used the ecommerce platform between July 17- 20, 2018, and whose information may have been accessed following the reinstallation of malware on its third party provider’s ecommerce web platform. The personal information of one Alberta resident may have been affected twice during the ongoing data incident.

File Type: pdf
Categories: 2018
Tags: Unauthorized access