Affected data included information maintained within the company’s personnel records – including critical data like Social-Security numbers, driver’s license numbers, and passport numbers.