P2021-ND-079

CDSPI

The Organization is a specialized Chartered Accountancy practice and provides tax consulting services to various clients. On February 22, 2019, the Organization was notified that one of is independent contractors had received a text message from an unidentified individual stating that the individual had gained access to and downloaded the Organization’s client data. The Organization took precautionary steps and changed all passwords for its remote access capabilities and locked down its servers. On February 25, 2019, the Organization was notified by seven (7) clients that they had received a suspicious email from an unidentified individual claiming to have stolen their ?client data including project reports, emails, audits, financial statements etc.? from the Organization. The email did not provide proof that the client data was in the individual?s possession. The email asked the recipients to name a price for the data not to be published. On February 27, 2019, the Organization determined that a former short-term employee had unlawfully downloaded data from the Organization’s network to a remote server between January 28, 2019 and February 20, 2019. The Organization determined that individuals affected by this incident are employees of its clients. The former employee has since been arrested and charged.

File Type: pdf
Categories: 2021
Tags: Loss