Around April 10, 2017, the Organization set up temporary remote access capability to allow an employee to remotely access his/her computer while the normal VPN equipment was repaired. On April 18, 2017, the employee noticed a strange User ID accessing the computer. The Organization investigated, closed the breach, and then determined that only the data physically stored on the affected computer was accessible during the course of the breach. The Organization reported that most of the data potentially accessible was corporate data; however the computer also contained personal information. The Organization believes that the hacker had potential access to personal information but has no way of ascertaining if any of the information was actually accessed.