The exposed elements contained the following fields:
Last Name, First Name, Email Address, Phone Number, Address, Country of Citizenship, Start Date of Visit, End Date of Visit, Qualcomm Escorts, Visit Type, Visit Purpose, Organization, Title, Visit Location, and if the visitor was a job applicant, the job position they were seeking and interview schedule (but not resume or CV).
We don’t believe that the type of information that was exposed raises serious threat of identity theft. Credit card information, government identifiers, or birthdates were not part of the exposed information. As a good practice, however, you should monitor your accounts and obtain a credit report on yourself on a regular basis.
Upon discovery of the unauthorized access into our systems, the company immediately began an investigation of the impacted systems to determine the nature and scope of the incident along with the specific data impacted. We have completed a rebuild of the impacted QVisit application and associated infrastructure to ensure the intrusion was contained and further access is prevented. We have also added additional cybersecurity monitoring to detect any future intrusion attempts. The intrusion has been reported to the federal authorities and we are notifying impacted individuals.
Attackers leveraged a remote-code execution vulnerability in the QVisit application to gain access to the underlying servers which host the application. The attacker was then able to download and run additional software which provided them login access to the compromised system. Analysis of the systems and available logs do not indicate the attackers took any further actions in the application or on the system.
You can find more information regarding phishing attacks at: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-s....
Given the nature of data that was breached, we do not believe credit monitoring is appropriate.