Cybersecurity firm UpGuard reported Monday that a cloud-based file repository owned by financial publishing firm Dow Jones & Company, which had been configured to allow semi-public access exposed the sensitive personal and financial details of millions of the company’s customers.

According to the security firm, while Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts.

The cyber firm reports that exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron’s.

Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations, said UpGuard.

It is not known if any malicious actors have had access to the Dow Jones repository, but the data would come in handy for spammers, phishing expeditions and other more malicious purposes. Dow Jones has not notified customers of the data breach.