On March 29, 2020, the Organization was the target of a malicious spear phishing campaign. Fifteen (15) email addresses of current employees and three (3) inactive email addresses of previous employees were targeted. Of the eighteen (18) targeted recipients, four (4) emails evaded the Organization?s spam filter. One (1) employee clicked on the link embedded in the email, which allowed the attacker to access the employee?s email profile. The unauthorized access resulted in a number of emails being forwarded to an unknown external email address, which contained the personal information of four (4) individuals. On April 20, 2020, the Organization?s IT Security team detected the activity, commenced an investigation, and contained and remediated the threat.