P2021-ND-101

On June 13, 2019, the Organization’s third party service provider, responsible for maintaining the ecommerce platform, noticed an unauthorized script. The Organization investigated and determined an unauthorized third party gained access to the ecommerce platform and placed a script allowing personal information to be collected as transactions were made on the site. The unauthorized third party was able to access the ecommerce platform remotely by using the username and password of an employee of the Organization. The incident affected purchases made between June 10, 2019, and June 13, 2019.

File Type: pdf
File Size: 606 KB
Categories: 2021