NEW YORK (AP) — The Securities and Exchange Commission is now saying that at least two people had their personal information stolen in the breach that happened last year.

The SEC disclosed on September 20 that hackers last year broke into its system that allows companies to digitally upload their documents, commonly known as EDGAR. Originally government investigators believed that no individuals’ information was stolen, but an investigation after the original disclosure found that not to be the case, the SEC said in a statement Monday.

ADVERTISEMENT

The two people impacted had their birthdates, Social Security numbers and full names accessed. The SEC says it will be providing the two people with identity protection.

Along with the personal information being accessed, the SEC continues to investigate whether the hackers were able to profit from having access to company information earlier than the rest of the investment public.

SEC Chairman Jay Clayton said that the SEC is also looking into how the agency handles cybersecurity and whether agency-wide changes need to be made, or new systems be put into place, following the breach.