Early in 18, popular cellphone maker OnePlus revealed it had coughed up credit card information on over 40,000 users in a data breach, and now it’s informing users of another one. This time, while the website the source of the breach, the company believes payment is unaffected, however information exposed may include “name, contact number, email and shipping address” from orders made on its site.

Impacted users should have received an email notifying them of the incident, and should keep an eye out for possible phishing attempt used on the stolen information. The company said in the email and an FAQ published about the situation that “we are partnering with a world-renowned security platform next month, and will launch an official bug bounty program by the end of December.”