January 2021

QVisit Cyber-Security Issue

What data elements were exposed in the incident?

The exposed elements contained the following fields:

Last Name, First Name, Email Address, Phone Number, Address, Country of Citizenship, Start Date of Visit, End Date of Visit, Qualcomm Escorts, Visit Type, Visit Purpose, Organization, Title, Visit Location, and if the visitor was a job applicant, the job position they were seeking and interview schedule (but not resume or CV).

Am I at risk of identity theft?

We don’t believe that the type of information that was exposed raises serious threat of identity theft. Credit card information, government identifiers, or birthdates were not part of the exposed information. As a good practice, however, you should monitor your accounts and obtain a credit report on yourself on a regular basis.

What have you done to address the incident?

Upon discovery of the unauthorized access into our systems, the company immediately began an investigation of the impacted systems to determine the nature and scope of the incident along with the specific data impacted. We have completed a rebuild of the impacted QVisit application and associated infrastructure to ensure the intrusion was contained and further access is prevented. We have also added additional cybersecurity monitoring to detect any future intrusion attempts. The intrusion has been reported to the federal authorities and we are notifying impacted individuals.

How did the incident occur?

Attackers leveraged a remote-code execution vulnerability in the QVisit application to gain access to the underlying servers which host the application. The attacker was then able to download and run additional software which provided them login access to the compromised system. Analysis of the systems and available logs do not indicate the attackers took any further actions in the application or on the system.

How can I recognize a spear-phishing attack?

You can find more information regarding phishing attacks at: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-s....

Will you be providing credit monitoring?

Given the nature of data that was breached, we do not believe credit monitoring is appropriate.

Where can I get more information?

If these FAQs don’t answer your questions, please send an email to privacy.notice@qualcomm.com

©2021 Qualcomm Technologies, Inc. and/or its affiliated companies.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm's engineering, research and development functions, and substantially all of its products and services businesses. Qualcomm products referenced on this page are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell any of the components or devices referenced herein.