? On or about June 14, 2021, the Organization identified unusual user activity on its network.
? The Organization determined an unauthorized third party was able to access a portion of its network using a compromised SSH key.
? The Organization disabled the compromised SSH key.
? The Organization reported that the unauthorized activity occurred between June 3, 2021 and June 12, 2021.
? Initially, the Organization believed only encrypted personal information had been accessed.
? On or about July 2, 2021, the Organization discovered that the encryption keys were also compromised and that non-encrypted personal information had been compromised.