On December 17, 2019, the Organization became aware that an unknown and unauthorized actor had altered an employee’s email account settings to automatically forward all incoming emails to an unrecognized email address. The Organization determined that all emails received by the employee on or after October 23, 2019 until December 17, 2019 had been automatically forwarded to the unrecognized email address.
The total number of emails forwarded totalled 3,667. The Organization reviewed each of the 3,667 emails and determined that personal information of 262 individuals (including four employees) were contained within the emails.
The Organization discovered the breach on December 17, 2019 as the result of an automated warning from the email server provider. Organization was not able to conclusively determine the method by which the unauthorized actor gained access to the employee’s email account, but suspects that their password may have been compromised.

File Type: pdf
File Size: 620 KB
Categories: 2020