The incident occurred between May 27 and 31 2023, before MOVEit Transfer vulnerability was publicly disclosed