On July 2, 2020, the Organization became aware of a credential stuffing incident involving attempts to access data from certain user accounts. The Organization reported that it appears an unauthorized individual(s) was able to log in to user accounts between June 28 and July 2, 2020, using valid usernames and passwords. The Organization?s investigation indicates that the credentials were not obtained from its systems, but rather from another site or app where the user used the same password. The Organization?s investigation was able to identify whether one or more profiles within an account were accessed, or may have been accessed. Based on the available logging data, however, the Organization cannot be sure in all cases which specific profile(s) within an account may have been accessed.
P2020-ND-186
File Type:
pdf
File Size:
613 KB
Categories:
2020