Solara Medical Supplies reported on November 13 that its system was exposed for several months earlier this year after several employees fell for a phishing scam giving access to their Office 365 accounts to an unauthorized person.

The illegal access was discovered on June 28, 2019 and a further investigation found the data breach existed from April 2, 2019 to June 20, 2018, the company reported. The compromised information included customer and employee first and last names and one or more of the following data elements: name, address, date of birth, Social Security Number, employee identification number, medical information, health insurance information, financial information, credit/debit card information, driver’s license/state ID, passport information, password/PIN or account login information, billing /claims information, and Medicare ID/Medicaid ID.

The company did not report how many people were impacted.

Solara said it has reset the passwords on the affected accounts, is reviewing its cybersecurity policies and has notified the people affected.