Between April 14, 2019, and April 17, 2019, an unauthorized person(s) gained access to certain systems of the third-party vendor that maintains and operates certain subscription pages for the Organization and was able to modify certain subscription pages to acquire transaction information. The Organization first learned of a potential incident on April 17, 2019, when a third-party provider of advertising services informed it that there was a policy violation/malvertising on a subscription page. The vulnerabilities were removed on April 17, 2019. On April 24, 2019, the Organization was notified that there was a reasonable belief that the unauthorized code compromised transaction information.
File Type: pdf