DoorDash disclosed that the last four digits of some consumer payment cards were also compromised in the breach, but no full payment information — including complete card numbers or CVV security codes — were accessed. Perhaps most troublingly, the full driver’s license numbers for approximately 100,000 DoorDash drivers were compromised in the breach.

DoorDash claims that, in response to the incident, it has added a number of additional security layers to protect user data and has improved the security protocols that allow access to its systems. The company is reaching out to individual users affected by the breach, but the company has not disclosed any additional action that needs to be taken by affected users at this time.

The email’s author said they infiltrated 110 databases that contain sensitive data, including “critically confidential” information. They also claimed that their attack affected 5 million Bulgarian citizens, foreign citizens and companies — an enormous number for a country with a population of 7 million. In an announcement posted on its website on July 15th, the NRA said that local media received an email with a download link for files allegedly belonging to the Bulgarian Ministry of Finance.

The self-proclaimed hackers also told the media in the email that the initial leak only contains 11GB of data, and that they have 10GB more in their hands. Bulgarian newspaper 24 Chasa, Reuters said, reported that one emailed file contained over 1.1 million personal ID numbers with people’s income and healthcare information, as well as social security numbers. Further, some of the records dated back to 2007.

Bulgarian Finance Minister Vladislav Goranov said, however, that while millions of records were involved, the leaked information wasn’t classified and didn’t endanger financial stability.

The attackers’ motives and point of entry aren’t entirely clear at this point. “The state of your cybersecurity is a parody,” the hackers reportedly wrote in the email, indicating that they wanted to highlight the NRA’s lack of strong cybersecurity measures. Officials also believe that they might have gained access to the agency’s database by exploiting a weakness connected to filing tax returns from outside the country.

In all, they were able to steal around 4,000 unique details. Those include member names, job titles, email addresses (some personal, some government-owned), physical addresses, as well as phone numbers. Since the hackers told TC that they only had to use publicly known exploits to gain entry, the websites must have been in dire need of an update.

The hackers also said they have over a million pieces of information on federal agents and are planning to publish more data from hacked government websites in the future. Seeing as this is far from the first security breach to affect federal workers, the government and organizations linked to its agencies may want to think of more ways to beef up their security measures.