A vendor used by many Volkswagen Group dealerships across the United States and Canada has been involved in a data breach impacting more than 3.3 million customers and prospective buyers.

VW of America revealed in a statement late last week that Shift Digital, a vendor used by Audi, Volkswagen, and some authorized dealerships across North America had an electronic file that gathered data from sales and marketing between 2014 and 2019 which was left unsecured. VW says customers have had their phone numbers and email address potentially compromised while in some cases, data that was compromised included information about vehicles that were purchased, leased, or inquired about.

Read Also: VW To Receive $351 Million In Dieselgate Settlement With Former Execs

Additionally, Auto News reports that 90,000 Audi customers and prospective buyers had sensitive data breached relating to purchase and lease eligibility, including compromised driver’s license numbers. A small number of records also included dates of birth, Social Security numbers and account numbers.

“We believe the data was obtained when the vendor left electronic data unsecured at some point between August 2019 and May 2021, when we identified the source of the incident,” Audi of America president Daniel Weissland said in an email to dealers, adding that the information “does not affect all dealers, but will affect most, if not all, dealers that use the Enterprise Lead Management (ELM) program offered through Shift Digital.”

VW revealed in a statement that information relating to no less than 3.1 million Audi customers or interested buyers in the U.S. and approximately 163,000 in Canada were compromised. The carmaker added that it will offer free credit protection services to approximately 90,000 of those impacted that had details such as driver’s license numbers, Social Security numbers, account numbers, and dates of birth breached.