On July 8, 2020, an employee received a phishing email from an unknown third party. The email included a hyperlink to a page on which the employee entered their username and password. On July 20, the credentials were used to access the employee?s email account and an internal software program, and to send further phishing emails to employees and addresses in the email account. Five other employees subsequently entered their credentials. The unauthorized activity was identified on July 21, 2020. An investigation found documents containing the information at issue were accessed.

File Type: pdf
File Size: 607 KB
Categories: 2020