P2020-ND-011

On May 29, 2019, the Organization was made aware of an email phishing incident that affected a number of its employees. In particular, an employee mistakenly clicked on a malicious link after receiving a phishing email, which resulted in unauthorized access to the employee’s email account by an unknown third party or parties. As a result, unauthorized access to personal information belonging to the Organization?s members and non-members, which was stored in the employee’s email account, may have occurred. The identity of the third party or parties that accessed the email account without authorization is not known. The Organization reported that ?No evidence was found indicating that data was accessed, copied, and/or removed?. The breach was discovered the same day when the Organization?s IT team was notified by employees who received the original phishing emails.

File Type: pdf
File Size: 616 KB
Categories: 2020