That letter said that the accounts were breached sometime between Dec. 6 and Dec. 8, 2022. The company said that it was able to deal with the attack soon after it occurred, according to the letter.

The notification to users said (pdf) that 34,942 users were impacted by the incident and that unauthorized third parties gained access to their accounts. Those third parties, which were not identified, could view full names, dates of birth, Social Security numbers, addresses, and tax identification numbers.