P2021-ND-039

On June 11, 2020, the Organization was contacted by a security researcher who claimed the Organization’s e-commerce site had been compromised. The Organization investigated and identified and removed unauthorized code form its ecommerce site on Friday, June 12, 2020. The code was capable of obtaining information entered by customers during the online checkout process and sending it out of the Organization’s system. Purchases made in Organization’s retail store locations were not involved. The Organization reported that the code was first added on April 7, 2020. There were several times from April 7 to June 12 when the added code was not present because of new code deployments.

File Type: pdf
File Size: 600 KB
Categories: 2021