Luxury goods store Neiman Marcus said Friday that it was in the process of notifying 4.6 million online customers that some of their data had been compromised as part of a data breach that took place last year.

According to the company, an unauthorized party obtained personal information associated with certain Neiman Marcus customers’ online accounts.

The personal information for affected Neiman Marcus customers varied and may have included names and contact information; payment card numbers and expiration dates (without CVV numbers).

Other information accessed by the hackers include Neiman Marcus virtual gift card numbers (without PINs); and usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.

The company stated that it has taken steps to protect its customers, including requiring an online account password reset for affected customers who had not changed their password since May 2020.