Ticketmaster has confirmed that hackers who pulled off last month's breach stole email addresses, phone numbers, and encrypted payment card information.

The company is now sending data breach notifications to customers, nearly a month after the hacking group, ShinyHunters, claimed to have stolen 1.3TB of data from Ticketmaster — including information on 560 million users. 

A notification sent to Maine’s Attorney General, however, says only that the breach affected ">1000" people, making the true scope of the hack unclear. The emails to customers suggest the breach hit those who used Ticketmaster in the US, Canada, and Mexico. 

Ticketmaster didn’t immediately respond to a request for comment. But in a support document about the hack, the company says: “We are in the process of notifying relevant customers by either email or first-class mail. If you are not contacted, we do not believe your sensitive information was involved.”

Other stolen data includes "encrypted credit card information as well as some other personal information provided to us," Ticketmaster says. This suggests the hackers only stole the last four numbers and expiration dates of credit and debit cards—something the ShinyHunters group alluded to in May when they tried to sell the stolen information for $500,000. 

Ticketmaster blames the breach on hackers accessing an “isolated cloud database hosted by a third-party data services provider." Ticketmaster didn’t name the cloud provider, but evidence suggests the cybercriminals targeted Snowflake, which offers data storage solutions for hundreds of major companies. Security researchers from Google’s Mandiant arm have since said a hacking group dubbed “UNC5537” exploited poor password security to target as many as 165 organizations that used Snowflake. 

Ticketmaster will offer affected users 12 months of free credit monitoring. But it says “Ticketmaster accounts were not affected,” meaning users don’t necessarily need to update their passwords.