P2020-ND-161

The Organization uses a service provider, Klaviyo Inc., to help deploy email to the Organization?s clients. On March 5, 2020, the Organization was made aware that Klaviyo suffered a security breach incident, which occurred between November 13-29, 2019. An unauthorized third party was able to manipulate parameters associated with URLs for Klaviyo?s ?unsubscribe? and ?update subscription? functions. This resulted in a successful auto-population of fields within these forms with personal information the unauthorized third party was not authorized to receive. The Organization reported it has not received any indication that any third party is using the email addresses.

File Type: pdf
File Size: 617 KB
Categories: 2020