In our report, we laid out the methodology used by the government to determine the risk level and the verification level required.
In this specific case, the departments considered it to be a level 2, which required verification, but not multifactor verification. That is what allowed the breach to occur. We said in our report that level 3 is related to situations that cause moderate harm, both financially and health-wise. We indicated that, in our opinion, the potential loss of thousands of dollars could certainly have a considerable impact on people, including on their health. They get stressed and they struggle. Financially, people could have their wages garnished and then have to go through a process.