On May 12, 2020, a customer contacted an employee of the Organization to validate an email request the customer received from the employee regarding changes to a payment bank account. The employee confirmed no such request was made. The Organization investigated and determined that the employee?s email account had been compromised since May 1, 2020. An unauthorized email forwarding rule was automatically transferring emails to an external address. The employee?s password was most likely compromised via phishing emails. The unauthorized party did not gain access to the Organization?s IT systems or infrastructure.

File Type: pdf
File Size: 628 KB
Categories: 2021