The cyberattack occurred in April after a hacker used social engineering to deceive an employee and gain access to the company’s IT system

Six million people's personal information is believed to have been accessed by hackers.

An April social engineering attack on an employee account compromised names, dates of birth, and government-issued ID numbers