DoorDash disclosed that the last four digits of some consumer payment cards were also compromised in the breach, but no full payment information — including complete card numbers or CVV security codes — were accessed. Perhaps most troublingly, the full driver’s license numbers for approximately 100,000 DoorDash drivers were compromised in the breach.

DoorDash claims that, in response to the incident, it has added a number of additional security layers to protect user data and has improved the security protocols that allow access to its systems. The company is reaching out to individual users affected by the breach, but the company has not disclosed any additional action that needs to be taken by affected users at this time.

In response, Poshmark announced it conducted an internal investigation with support from a security forensics firm and “did not find any material vulnerabilities.” It has, however, “enhanced security measures across all systems to help prevent this type of incident from happening in the future.”

In a blog post, Poshmark advises users to change their passwords just in case. The accessed data does not include financial information or physical addresses, and affected users will be notified by email. The company added that hashed passwords are protected by encryption, which should make them difficult (but not impossible) to crack. This sort of data does, however, leave people open to the risk of phishing scams.

The company apologized for the breach, saying, “Poshmark is a platform built on love and transparency, and we’re committed to serving you, and our entire community, every step of the way. You are the core of our business, and without you, we wouldn’t be the community we are today. We sincerely regret any concern this may cause you, and we’re here to answer any questions you may have.”