P2021-ND-180

National Intramural and Recreational Sports Association

The Organization uses a third-party service provider for e-commerce. On or around May 7, 2020, the Organization?s third-party vendor reported a known vulnerability impacting the Organization?s systems. The Organization investigated the vulnerability, and on May 26, 2020, became aware of suspicious activity on its e-commerce site. It was discovered that an unauthorized party exploited the vulnerability on April 6, 2020, exposing personal information. The Organization reported ending the breach on June 3, 2020. On July 13, 2020, the Organization?s investigation determined that personal information was exposed in the incident. Personal information was exposed for approximately 58 days.

File Type: pdf
Categories: 2021
Tags: Unauthorized access