On September 18, 2018, the Organization became aware of a potential security incident involving unauthorized code on its website. Based on its investigation, the Organization believes an unauthorized party gained access to its network using malicious software and then used that access to place unauthorized code on the Organization?s website that handles customer transactions. The unauthorized code was designed to capture customer order information as it was entered, bypassing other technical controls in place to protect order information. On October 15, 2018, the investigation determined that the unauthorized code on the site may have collected the personal information at issue for orders placed on the website using a payment card, between August 13, 2018, and September 19, 2018.
P2019-ND-039
File Type:
pdf
File Size:
329 KB
Categories:
2019