The company — in an email from CEO Tim O’Shaugnessy — said that users’ names, e-mail addresses, birth dates and passwords were compromised, The Washington Post reports.
While the company is at pains to point out that no credit card information — nor any financial info from its merchants — was stolen, it did say that the loss affected users across the world. Information from customers in North America, Europe, Australia and New Zealand was compromised. In South America and parts of Europe, users of its LetsBonus system were also affected.
The data that was stolen was all stored on one server. Users located in other areas — such as South Korea, Thailand, Indonesia and the Philippines — have their data stored on other servers, and their information remains secure.
The passwords that were lost were encrypted, a spokesman said. That should make it difficult for the hackers to use the passwords to access user’s accounts. Nevertheless, the company is requiring that all customers whose data was exposed change their passwords.