Retail giant Macy’s informed some online customers this week that sensitive personal data, including credit card information, had been exposed in a data breach.

Customers with profiles on Macys.com or Bloomingdales.com were told in a letter that an unauthorized party accessed some accounts from April 26 to June 12 using “valid usernames and passwords,” USA Today reported. The unauthorized user was able to access sensitive information such as home addresses, credit card numbers, expiration dates and phone numbers.

“We are aware of a data security incident involving a small number of our customers at macys.com and bloomingdales.com,” the company said in a statement to FOX Business. “We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures.”

Macy’s declined to specifically say how many online shoppers had their data exposed, but said the issue affected “one half of one percent of logged in users.” The retailer is offering free consumer protection services to affected customers.

The breached accounts will remain blocked until users reset their passwords. Affected customers were also instructed to contact their credit card companies.

Macy’s is just the latest of several companies to experience online data breaches. Adidas, Under Armour and Panera Bread have all dealt with security incidents in recent months.