UnitedHealthcare has been subpoenaed by the Rhode Island Attorney General’s office in connection to a cybersecurity incident that exposed the information of thousands of people.

AG Peter F. Neronha’s office learned of the “significant information security breach” on Dec. 23, with the event first detected on Aug. 5, 2021, the Boston Globe reported Wednesday. The subpoenas, which also include the Rhode Island Public Transit Authority (RIPTA), claim the incident may have occurred after “one or more” entities strayed from standard information safeguards.

About 5,000 people associated with RIPTA were affected, along with thousands of additional state employees. According to the state Department of Administration, RIPTA takes part in the state’s health insurance plan and a previous insurance company—UnitedHealthcare—“incorrectly shared” employee data with RIPTA.

State officials are asking for information about what happened, what protections were in place to prevent the incident, how the organizations reacted and how they communicated the attack to law enforcement and victims, according to the news outlet. UHC and RIPTA have 30 days to provide the relevant information.

“We are working directly with the attorney general’s office on their investigation and cannot provide further public comment until they complete their review,” UHC spokesman Tony Marusic told the news outlet.

Read the entire story below.