For certain time periods between February 1, 2018 and May 19, 2018, personal information about users on the Organization?s application server was publicly accessible. Although the server was not generally known outside the Organization?s development team, the breach was identified by a reporter who was apparently looking for vulnerabilities in the Organization?s systems. The Organization was made aware of the issue on May 18, 2018. The Organization reported that it has no evidence that the information was viewed or accessed by anyone other than the reporter.
File Type: pdf