The Insured school reported to Underwriters that they had discovered malware which had been installed on the School’s Domain Name System (DNS) Server which hosts encrypted user passwords. Upon discovery, the Insured appointed a pre-approved Breach Counsel for assistance in handling the incident. Working with Breach Counsel, the Insured confirmed that the system affected did not contain any personally identifiable information, but it did leave a vulnerability: namely, that the third party who accessed the information could move laterally between other school systems to gather additional information. A full forensic investigation was then conducted. The investigation found that a crypto currency mining program was installed on the schools system, and that the third party had used the DNS information to scan additional networks for mining purposes only.