Children's Wish Foundation of Canada
On May 6, 2019, an HR employee clicked a malicious link included in an email asking her to modify her Office365 password. The employee immediately alerted the Organization’s IT department and changed her password. No abnormal activity was detected by the IT department until May 23, when it noticed the existence of an unauthorized log from Bulgaria dated May 1 and from Turkey dated May 3. The Organization investigated, contacted Microsoft and retained a forensic cybersecurity firm to determine the root cause of the logs and whether data had been accessed, used or exfiltrated by an unauthorized third party. On July 15, 2019, the Organization received a report from the cybersecurity firm which concluded that the HR employee’s laptop had not been compromised and that there was no evidence of unauthorized data access or exfiltration. However, the logs suggest that the unauthorized third party(-ies) had the possibility to create a local copy of the HR employee’s mailbox on their own devices.