An unauthorized individual sent an email to certain of the Organization?s employees that contained an attachment through which the individual appears to have gained unauthorized access to the employees? email accounts. The email accounts contained certain personal information about individuals who have transacted business with the Organization. The Organization discovered the incident on October 24, 2018, after identifying unauthorized emails sent from an employee?s email account. The Organization?s investigation found that an unauthorized user(s) gained access to two email accounts and, while there, could have accessed certain personally identifiable information stored in the accounts. The breach occurred on September 21, 2018 and ended on October 2, 2018.