The Bayside Covenant Church of Roseville, Calif. reported that for three months last year unauthorized personnel accessed some employee information.

In a statement, the church said access was gained to certain email accounts through a still unknown means, from Aug. 3, 2018 to Oct. 20, 2018. The information exposed included names, addresses, Social Security Numbers, passport numbers, driver’s license numbers, financial account information, medical information, health insurance information, usernames and passwords for online accounts, and emails and passwords, the church said.

The church has hired a forensic team, locked down the accounts affected, and notified the people impacted.

Bayside Covenant and its consultants have not been able to determine exactly whose data was illegally accessed, or if the malicious actors have used or attempted to use the data.