P2021-ND-059

On or around September 19, 2019, the Organization’s IT staff discovered that unauthorized spam messages containing malicious links that harvested credentials had been sent from the email account of one (1) of its employees. The incident took place between September 17, 2019 and September 19, 2019. The Organization took immediate steps to secure the affected account, engaged external legal counsel and a third-party cybersecurity firm to investigate the incident. The Organization’s investigation confirmed that a total of seven (7) of its email accounts were likely compromised as a result of a phishing attack.

File Type: pdf
File Size: 189 KB
Categories: 2021