In late June, hackers managed to access an unknown number of Sprint accounts by exploiting a security loophole on Samsung’s “add a line” website, according to a new report from ZDNet.

According to Sprint, which sent out a letter to impacted subscribers, some of the information possibly accessed by the hackers includes the following: first and last names, phone numbers, billing addresses, device type, subscriber ID, account number, account creation date, upgrade eligibility, add-on services, and more.

Sprint was made aware of the hack on June 22 and reset the pin numbers of impacted users just a few days later. Sprint also made a point of emphasizing that the information accessed by the hackers shouldn’t create a “substantial risk of fraud or identity theft.”

What remains unclear, though, is how long the hackers had unfettered access to the information above. Sprint referenced the date they were made aware of the attack, but didn’t provide information as to how long its data may have been vulnerable.

In a statement provided to CNET, a Sprint spokesperson said the following:

We recently detected fraudulent attempts to access Sprint user account information via Samsung.com, using Sprint login credentials that were not obtained from Samsung. We deployed measures to prevent further attempts of this kind on Samsung.com and no Samsung user account information was accessed as part of these attempts.