P2020-ND-117

On March 13, 2020, the Organization was notified by a U.S. law enforcement agency of suspicious internet activity. The Organization confirmed an unauthorized party exploited a vulnerability in a third-party technology it uses for web application delivery control and accessed a server containing personal information between January 11, 2020 to on or about March 27, 2020. The Organization reported that it cannot conclusively determine whether any data was accessed or exfiltrated, but, out of an abundance of caution, notified impacted individuals and recommended that they act as if their personal data was compromised.

File Type: pdf
File Size: 198 KB
Categories: 2020