P2021-ND-293

Stella-Jones Inc.

On April 13, 2021, an employee with the Organization received a phishing email and did not realize it was not from a trusted source. The employee provided their username and password as well as multi-factor authentication code. The hacker then logged into the employee?s email and address book for several hours.? The Organization reported, ?There is no log showing the hacker copied this information, however he had access to it.? The hacker sent emails posing as a senior director of the Organization to external and internal contacts found in the employee’s email account. Attachments to the emails requested username and password. The breach was discovered on April 14, 2021 when several external contacts reported that they received phishing emails from the Organization. The incident ended on April 14, 2021.

File Type: pdf
Categories: 2021
Tags: Unauthorized access