On September 21, 2021, the Organization discovered it experienced an unauthorized access when the Ottawa Police alerted them to a “suspected data leak”. On September 27, 2021, the Organization found that exfiltrated records were publicly disclosed on the dark web. An investigation determined that “one of [the Organization’s] corporate data drives was improperly accessed and certain information was exfiltrated.” The Organization believes a third party remote access appliance – which was susceptible to a known vulnerability – may have been exploited “roughly 6 months prior to the reporting” of the incident (approximately April 2021).
File Type:
pdf
File Size:
664 KB
Categories:
2022