P2022-ND-002

Co-operators Group Ltd.

One of the Organization?s insurance claims vendors suffered a malicious attack. On March 14, 2021, a rogue actor compromised the email account of an employee of the vendor. Seven separate connections were made to the email account on this date. The exact duration of those connections is unclear at this time. The rogue actor had the ability to access the email account, but it is unclear to the Organization what was accessed inside the email account or whether anything was exfiltrated. Phishing emails were sent to other individuals that were made to look like they were sent from the affected employee. On March 26, 2021, the vendor notified the Organization of the incident. The root cause of the rogue actor’s ability to compromise the email account is unknown at this time. The Organization reported that each individual entity noted in this report is responsible for the personal information in this breach.

File Type: pdf
Categories: 2022
Tags: Unauthorized access