The account credentials of an employee of the Organization were compromised during a credential harvesting phishing attack against the employee on August 26, 2019. These credentials were used by an unidentified party to gain unauthorized access to the employee’s mailbox between August 30, 2019 and September 17, 2019. The unidentified third party had access to customer data contained within the email mailbox. There is no evidence the data was actually accessed or exfiltrated but this cannot be ruled out. The unauthorized access was first detected on September 17, 2019 when external contacts advised the employee about phishing emails sent by the unidentified third party from the employee’s email account.

File Type: pdf
File Size: 611 KB
Categories: 2020