P2019-ND-179

The Organization uses a cloud-based platform to store and exchange certain corporate information.
On March 9, 2019, it learned from a third party that certain folders stored in the platform had been shared by staff with external business partners in such a way that the folders and the files within the folders could potentially be accessed by other parties. The next morning, the Organization reconfigured the access settings to these folders to remediate the issue. The Organization investigated and identified a small number of customer marketing lists that were potentially accessible. The files in question were accessed and downloaded between two and four times by IP addresses not associated with the Organization between February 15 and March 10, 2019, most likely by a security researcher who was investigating the issue and through whom the Organization indirectly learned of the issue.

File Type: pdf
File Size: 605 KB
Categories: 2019