Case Study - Local Government needed to understand the impact of a suspected ongoing breach.

What was the scope of the breach? What type of data was stolen (i.e. PII, PHI, Financial, etc.)? Has the breach been contained? Do they need to report the breach? Is a breach notification required?