Outcomes - Selected Case Summaries



Phishing Attack at Financial Services Company

Informal Resolution | 11 February 2020

A fund services company in Canada – a sister company of a Cayman Islands-based company – suffered a phishing attack that caused a data breach involving data on employees and over 2,000 external data subjects, including many who were based in the Cayman Islands. The company notified us and the data subjects in accordance with the requirements of the DPL.

We investigated the matter, but found no evidence that the threat actor downloaded the contents of any email messages from the compromised account, or that other systems (other than email) were affected. We were satisfied with the technical and organizational measures taken by the company to contain and mitigate the breach.