On October 27, 2020, the Organization?s human resources team uploaded certain personal employee information via a secure portal to a new group benefits and insurance provider for migration into the service provider?s systems. On November 4, 2020, an employee of the service provider inadvertently emailed a document containing the information at issue to an incorrect email address. The service provider confirmed the email was received by an active account in the “Hotmail” domain. The service provider advised the Organization of the breach on November 30, 2020.
File Type: pdf