On March 5, 2021, the Organization detected unauthorized access to user accounts. It reported the unauthorized access was the result of a credential-stuffing attack. An investigation determined that the credentials were not obtained from the Organization?s network. Instead, it is believed that the unauthorized actor obtained user account credentials from a third party. Subsequently, individuals who re-used the same username and password combination for other services, as obtained by the attacker from the third party, were affected in the incident.