DoorDash revealed Thursday that 4.9 million users, vendors and delivery workers were exposed in a data breach. In a blog post, DoorDash announced that an unauthorized third party accessed some user data on May 4, 2019, and detailed the steps the company took to restrict the breach.

Profile information, including names, email addresses, delivery addresses, order history and phone numbers, were accessed in the breach. Credit card information was also gathered, but the company stressed that the data collected would not be enough to make fraudulent charges. According to the blog post, users who joined after April 5, 2018, are not affected.

“We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform,” the blog post reads. “We are reaching out directly to affected users."

The company said it had to cut off access to the breached information and improve security systems by adding additional protective security layers around the data, improving security protocols that govern access to its systems and bringing in experts to increase its ability to identify and repel threats.

According to TechCrunch, about 100,000 delivery workers also had their driver’s license information stolen in the breach.

This news comes almost one year after customers complained that their accounts had been improperly accessed and that fraudulent food deliveries had been charged to their account. Many of these cases resulted in an email address change on the account to restrict access by someone other than the authorized account holder. DoorDash initially denied that any breach took place during that time but has since announced that this breach did take place and are currently reaching out to any affected parties.

Despite DoorDash saying that no user passwords have been compromised during this breach, they are encouraging users to change their passwords if they have any concerns about their security.