The Insured notified its insurers that it had recently fallen victim to a phishing email incident of which approximately seven employees responded, providing their credentials. The Insured was quick to engage Breach Counsel and Forensics to conduct a review of the systems, which Underwriters acknowledged as reasonable and necessary. An investigation began into some 1,100 employee Office 365 mailboxes. Forensics not only confirmed log-ons from 59 suspicious IP addresses from around the world, but also that a further 16 inboxes were compromised, meaning it was possible a full download of content could have taken place. Following this discovery, an E-Discovery vendor was appointed to scan the content of the inboxes for personally identifiable information (PII) and/or protected health information. It was found that 800 individuals’ PII was vulnerable as a result of the attack, including details of social security numbers and driver licence numbers, thereby necessitating Credit Monitoring Services. Notification letters were sent to individuals across 24 States and notice was also made to 8 regulatory boards in accordance with breach notification laws.