On December 27, 2020, the Organization?s core IT infrastructure (“systems”) were encrypted with ransomware. The Organization received a ransom note that indicated the data, including personal information, had been accessed and extracted by the threat actor and that, absent payment, sensitive data would be released. The Organization investigated and determined the cause of the incident was a phishing attack. An employee opened a phishing email, which contained a malicious document. The Organization reported, ?there is no information indicating that any personal information that was taken has been published or distributed by the threat actor?.

File Type: pdf
File Size: 600 KB
Categories: 2021