P2019-ND-087

Bayer Inc. / Bayer AG

A SIRIUS file directory was created on May 4, 2018 by a service provider to the Organization. On June 11, 2018, the Organization was informed by a third party of a possible personal data breach with respect to the file directory, such that it was freely available on the internet. On June 12, 2018, the Organization notified the service provider of the breach, and access to the directory was closed. The directory logfiles showed two unauthorized third parties accessed and downloaded the file. One of the two third parties was the reporting third party and was asked to delete the data, which was done. The identity of the second third party is not known. Log information from before January 2018 is missing. Due to the missing logfiles, the Organization said it was uncertain how long the data was accessible and it cannot be excluded that other unauthorized third parties gained access to all the data.

File Type: pdf
Categories: 2019
Tags: Unauthorized disclosure