P2019-ND-136

On February 26, 2019, the Organization was advised by one of its vendors of a security incident and that some of the vendor?s data may have been stolen. On February 28, 2019, the vendor confirmed to the Organization that a former employee had stolen certain data from the vendor?s computer network. It remained unknown to the Organization at that time whether the Organization?s data was among the data stolen by the former employee. On March 15, 2019, the vendor confirmed that the Organization?s data was among the client data stolen. The Organization has since learned that on February 22, 2019, the vendor was notified that one of its independent contractors had received a text message from an unidentified individual stating that the individual had gained access to and downloaded the vendor?s client data. On February 27, 2019, the vendor determined that a former employee had surreptitiously and unlawfully downloaded data from the vendor?s network to a remote server during his short-term employment from January 28, 2019 to February 20, 2019). The former employee has since been arrested and charged.

File Type: pdf
File Size: 548 KB
Categories: 2019