At the time of the incident, the Organization obtained information technology (IT) services, including cloud hosting, from a third party, Sandbox West Cloud Services Inc. (Sandbox). On or about February 11, 2023, Sandbox was victim to a ransomware attack. Sandbox first notified the Organization on February 12, 2023. On March 19, 2023, Sandbox provided the Organization with supplemental information; a letter confirmed “threat actors” conducted a “ransomware attack” and advised all “customers” about the potential for “a data breach.” On April 6, 2023, the Organization reported unsuccessful attempts to obtain details from Sandbox about the incident, including whether or not personal information was accessed without authorization, or exfiltrated.

File Type: pdf
File Size: 741 KB
Categories: 2023