Between October 9 and 11, 2021, a database under the control of the Organization was accessed without authorization. The Organization reported that it ?…initially became aware of unusual activity on its website on October 11, 2021, when its system automatically generated an error email.? At that time, the Organization disabled its website, investigated, and quarantined suspicious files. On October 21, 2021, the Organization ?received an email from an anonymous perpetrator alleging that he/she had downloaded the Company’s database and user documents.? An investigation determined that a vulnerability in certain website functionality was exploited, enabling the threat actor to upload and execute a malicious file.
File Type:
pdf
File Size:
667 KB
Categories:
2021