The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.
The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).