On or about September 28, 2020, an employee downloaded and executed a malicious software (Chrome) update. The malicious update contained malware that enabled attackers to remotely access the Organization?s network without authorization. On October 25, 2020, approximately a month after the initial breach, the attackers encrypted various systems. The intrusion was detected on the same day when encrypted files and a ransom note were found. It is reported that the attacker was able to access the personal information of current and former employees stored on the Organization?s information systems during the attack.