Users affected by the breach had participated in events organised by e2i or used its services between November 2018 and 12 March 2021, including job fairs, employability workshops or career coaching. Their personal data were shared with appointed vendors for "relevant employability services purposes", the institute said. E2i did not elaborate on why it took more than three weeks to announce the breach, but said in its statement Monday that it had "taken time" to make an impact assessment given the "complexity" of investigations into the incident. It noted that a malware had infected the email account of an employee at the third-party vendor, i-vic International, leading to the unauthorised access of the mailbox, which had personal data of the affected 30,000 individuals. These details included names, identification number, contact information, educational qualifications, and employment history. Affected individuals would be notified via email, SMS, or phone, it added.