Beggars Group — the company that includes 4AD, Matador, Rough Trade, XL Recordings, Young Turks, and other labels — has announced that they were hacked and have notified customers who used their online stores from 4/28/15 through 5/4/16 that their confidential information may have been obtained by an unauthorized third-party. This includes “customer’s name, address, phone number, email address, payment card number, expiration date and security code (CVV), and account password for the website on which the customer placed an order.”

In a letter obtained by Pitchfork, Matador president Patrick Amory explains what happened:

On May 4, 2016, we were advised by our third-party website developer that it had identified and removed suspicious files from the e-commerce websites of the record labels for which Matador Direct is the distributor. We quickly began an investigation and hired a third party cybersecurity firm to assist us. Findings from the investigation show that if a customer attempt to or did place an order on one of the affected websites from April 28, 2015 to May 4, 2016, information associated with the order being placed may have been obtained by an unauthorized third-party.

All passwords to Beggars Group-affiliated online accounts have been changed as a security precaution. Customers with questions can contact the Matador Direct dedicated call center at (877) 218-0056, Monday through Friday, from 9 a.m. to 7 p.m. EST and provide reference number 7631070716.