ICANN has released the results of the second phase of its investigation into the improper access to the the New gTLD Applicant and GDD (Global Domains Division) portals, first reported on 1 March 2015. ICANN now believes that over 60 searches were made resulting in the unauthorised access of more than 200 records using a limited set of user credentials.When they announced the results of the first phase of their investigation on 30 April, ICANN said there had been unauthorised access resulted from advanced searches conducted using the login credentials of 19 users, which exposed 330 advanced search result records, pertaining to 96 applicants and 21 registry operators. These records may have included attachment(s). These advanced searches occurred during 36 user sessions out of a total of nearly 595,000 user sessions since April 2013.ICANN explains the difference is due to the majority of users who viewed data accessing:

• “information pertaining to another user through mere inadvertence and the users do not appear to have acted intentionally to obtain such information.” According to ICANN “these users have all confirmed that they either did not use or were not aware of having access to the information. Also, they have all confirmed that they will not use any such information for any purpose or convey it to any third party”
• “information of an organisation with which they were affiliated. At the time of the access, they may not have been designated by that organisation as an authorised user to access the information.”

ICANN will continue to provide information and respond to questions from affected parties as we continue our investigation.