Woolworths, Australia’s largest retailer, revealed on Friday that a recent data breach affected the personal information of 2.2 million MyDeal customers.

Woolworths purchased 80% of the MyDeal online marketplace in September, but the company claims MyDeal systems are completely separate from its own, and that the incident had no impact on them.

A threat actor used a compromised user’s credentials to gain access to the MyDeal customer relationship management (CRM) system, according to the company.

This allowed the attacker to access MyDeal customer data such as name, email address, phone number, delivery address, and, in some cases, date of birth. Woolworths stated that only 1.2 million of the impacted customers’ email addresses were compromised.

“MyDeal does not store payment, drivers licence or passport details and no customer account passwords or payment details have been compromised in this breach. The customer data was accessed within the MyDeal CRM system and the Mydeal.com.au website and app have not been impacted,” the company explained.