Meal delivery service DoorDash said on Thursday a data breach may have led to information related to 4.9 million customers, delivery executives and restaurants being leaked.

The data was accessed by a third-party service provider on May 4, the company said on a blog post.

The last four digits of payment cards for some consumers and the last four digits of the bank account numbers for some delivery executives and restaurants may have been leaked.

The data may have also included profile information such as names, emails, delivery addresses, phone numbers, as well as the driver’s license numbers of nearly 100,000 delivery executives.

The San Francisco-based company got to know of the breach earlier this month and said it was investigating the incident. Users who had joined after April 5, 2018, were not affected, DoorDash said.