Customers’ names, addresses, e-mail addresses, credit or debit card numbers, expiration dates and CVV codes may have been accessed.