P2021-ND-266

On August 24, 2020, the Organization discovered that a third party gained unauthorized access to the e-commerce platform of DynaTrap, a subsidiary of the Organization. A vulnerability on the e-commerce platform allowed for unauthorized installation of code on compromised systems. Data sent to and from the e-commerce platform between August 24, 2020, until September 9, 2020 may have been intercepted. On September 9, 2020, the access was terminated. The Organization investigated and identified the potentially compromised data with assistance from its IT experts. While there was no positive evidence of data exfiltration, the possibility could not be ruled out given that the attackers had access to the systems.

File Type: pdf
File Size: 617 KB
Categories: 2021