P2021-ND-234

On June 3, 2019, the Organization?s internet service provider upgraded its modem to a newer model; however, the new modem was not set up with the same privacy settings as the old modem. On February 19, 2020, the Organization was notified by one of its clients that a tax document from 2015 stored on the back-up drive at the Organization?s office had been accessed by his bank?s security department. Upon review of the drive, it was determined that files belonging to the client and his family had been removed, but no other client files were missing. A forensic investigation to determine the scope of the data potentially accessed and the extent of the potential compromise was inconclusive. The Organization reported there was no malware or ransomware detected on the computer and there is no evidence that personal information other than those relating to the client and his family were actually removed from the back-up drive.

File Type: pdf
File Size: 619 KB
Categories: 2021