The website of gaming company Big Fish Games was recently compromised by hackers who got away with the personal and financial information of an unknown number of customers.

“An unknown criminal installed malware on the billing and payment pages of our website that appears to have intercepted customer payment information,” the company CTO, Ian Hurlock-Jones, explained in a notification letter sent out to customers who may have been affected.

“Your information may have been affected if you entered new payment details on our websites (rather than using a previously saved profile) for purchases between December 24, 2014 and January 8, 2015. Your name, address, and payment card information, including the card number, expiration date, and CVV2 code, may have been among the information accessed,” the letter continued.

The compromise was discovered internally on January 12 and the malware has since been eradicated. The notification letter was sent out a month after discovery, on February 11.

Those who have been affected have been given a year’s membership to identity protection services and advice on how to ensure they don’t fall victim to fraud.

Card numbers, expiration dates, and CVV2 codes “may have been among the information accessed”, meaning that it’s feasible that those who have the stolen data could carry out card-not-present transactions.