P2020-ND-109

CPA Western School of Business

An employee with the Organization clicked on a phishing email, which created a rule that auto-forwarded incoming email messages to an unknown third-party, moved the messages to a rarely-used Outlook folder in the employee’s Outlook, and deleted information from the sent folder without the staff member?s knowledge. The “hacked” emails sent to the employee’s work email account were from applicants responding to fabricated job postings that the hacker created after having opened a fraudulent account for the Organization on Indeed.com. A total of 364 messages were forwarded from the employee’s work email account between April 17 and April 30; a review found that the emails included the personal information of 22 individuals.

File Type: pdf
Categories: 2020
Tags: Unauthorized disclosure