P2020-ND-077

On March 18, 2020, the Organization's payroll services provider became aware of suspicious activity on its network. An investigation found that on January 25, 2020, an unauthorized third party gained access to one of the service provider's servers. The service provider determined that the threat actor was able to remotely gain access to its systems via a remote desktop using the name and valid password of an active customer account; however, it was unable to determine how the threat actor compromised the customer account to gain access to its environment. On April 8, 2020, the service provider determined that the threat actor also accessed a server that contained a file with personal information of the Organization's current and former employees and/or pension or legacy benefits beneficiaries. The service provider could not determine whether the threat actor exfiltrated the file. On May 14, the service provider notified the Organization of the incident. The service provider and the Organization worked together to ensure that affected individuals were notified of the incident.

File Type: pdf
File Size: 631 KB
Categories: 2020