On April 8, 2021, the Organization learned that one of its service providers had been the victim of a sophisticated, illegal ransomware attack which resulted in hackers gaining access to employee files containing personal information. The source of the intrusion appears to be when an employee provided their domain credentials in response to a phishing email and approximately 8 hours later, the attacker used the credentials to access the network remotely. This initial access appears to have been on January 6, 2021. The attacker does not appear to have engaged in actual data theft until approximately March 10, 2021 and did not copy ransomware onto the network until approximately March 17, 2021. On March 18, 2021, various members of the service provider?s executive leadership team received an email that appeared to be from the attacker. The email included limited information about data files that the attacker alleged to have stolen from the network because of the ransomware attack.
? On April 8, 2021, the service provider determined the nature and extent of the personal information impacted by this breach.
P2021-ND-145
File Type:
pdf
File Size:
619 KB
Categories:
2021