Between December 24 and December 26, 2020, the Organization was subject to a cyberattack involving unauthorized access to their SharePoint environment. The incident was discovered on December 25, 2020, when the threat actor contacted the Organization, claiming to have hacked into the Organization’s system. Upon investigating, the Organization found that the incident resulted from use of credentials that a third party service provider included in an email. The Organization uses a third party service provider who had an employee working on a project for the Organization at the time of the breach. The third party indicated that an employee?s account names and passwords were uploaded in plaintext to a public repository. On January 14, 2021, the Organization confirmed the threat actor had exfiltrated personal information and made the records publicly available on the dark web. The Organization did not report attempting to remove the compromised records from the dark web.
P2021-ND-009
File Type:
pdf
File Size:
624 KB
Categories:
2021