P2020-ND-140

Law Society of Alberta

On March 18, 2020, the email account of an employee of the Organization was hacked and several hundred phishing emails were sent from the account to Organization staff and to approximately 700 external recipients. The email purported to send out documents from the employee and requested recipients enter their credentials. The Organization immediately discovered the incident and quarantined the employee?s laptop, reset the credentials, searched the system for the messages and deleted all internal messages with a soft delete. Within minutes, an email was sent to all staff to not open the email. The Organization reported that a review shows that no other users with the Organization were compromised; however, one member of the Organization opened the email and his account was hacked sending out dozens of phishing emails.

File Type: pdf
Categories: 2020
Tags: Unauthorized access