Tideswell said the last software commit made to its servers that didn't include the malicious code was made on August 6, making that the earliest possible date the breach likely occurred.