What Happened:An unauthorized external user was able to briefly access the lookout email account of an employee of The Union travail life insurance company (the Company) on June 22, 2017. The unauthorized user sent a spam email from the employee's email account to the employee's various personal and business contacts via email which appeared to be a legitimate email from the employee. The body of each email included either a Dropbox or two PDF documents that have links to malicious websites. a forensic review of the PDF documents performed by the Companys Information Technology team determinedthat the PDF itself was not malicious, but it did contain links to sites known to be. The Companys Information technology department was notified of the issuance within an minute and immediately disabled the account and reset the password, which stopped the flow of spam emails. Within 24-hours of the unauthorized access, the Companyimplemented its Data Incident Response project that includes company officers, legal and compliance personnel, IT staff and an external data forensics firm.What info Was Involved: a forensic brushup of the emails in the email account's inbox and archived folders identified emails and attachments that may experience contained non-public personal info of individuals. a closer brushup of those emails and attachments revealed that your personal information, specifically your name,SSN and personal health information, including claim numbers, dates of service, diagnosis codes and claim payments were accessible in an attachment, and may have been viewed by the unauthorized user. Your info was not included in the spam e-mail sent from the e-mail account. We have no information indicating that your personal information was in fact accessed by the unauthorized user during the limited time the e-mailaccount was accessible or that you are likely to encounter future identity security problems.