P2021-ND-048

Alberta College and Association of Opticians

On May 14, 2020, an employee of the Organization detected a possible phishing attack and investigated. The Organization discovered that an employee?s smartphone SIM card had been ported to a new carrier by unknown external actor(s) who used the SIM to access the employee?s Google account, and then the Organization’s systems through Google?s single sign-on interface, and to download a database of customer information.
The accounts of at least 11 customers were accessed and the designated email addresses for these customers were changed. However, the perpetrators were not able to effect cryptocurrency withdrawals from any of the accounts.

File Type: pdf
Categories: 2021
Tags: Unauthorized access