P2018-ND-156

Between August 29 and September 5, 2018, the Organization was subject to a targeted email phishing attack that resulted in an unknown third party briefly gaining access to the email accounts of two of the Organization?s employees and using those accounts to send out further phishing emails. The Organization has determined that through a subsequent investigation that an employee clicked on a malicious link contained within a phishing email that linked to a credentials harvesting website which allowed the third party to access the employee?s email account. On our around September 5, 2018, the unknown third party sent a phishing email from the employee?s email account to various internal and external recipients in the employee?s email address list. A second employee within the Organization clicked on the link contained within the email allowing the third party to temporarily access the second employee?s email account. On September 6, 2018, a second phishing email was sent by the third party using the second employee?s email account to all recipients in the second employee?s email address book. The incident was discovered upon the first phishing email being sent out from the first employee?s email account and being forwarded to the Organization?s IT security team. The Organization discovered that the incident may have resulted in access to personal information on or around October 3 and 4, 2018.

File Type: pdf
File Size: 337 KB
Categories: 2018