On the heels of hacks hitting artist funding site Patreon and a database of 15 million people who applied for T-Mobile accounts comes word that online stock brokerage Scottrade has suffered a breach that exposed the personal information of 4.6 million customers.

Scottrade officials said in an online advisory that the breach happened in late 2013 or early 2014 and exposed social security numbers, e-mail addresses and “other sensitive information,” whatever that may be. While all that data was available for the taking, the advisory said the attackers appeared to target client names and street addresses. The notice never made it clear if password data was also accessed, but unhelpfully, the officials said, “Client passwords remained fully encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”

Remarkably, the officials leave it up to customers to decide whether they should change passwords. Out of an abundance of caution, Ars recommends that all Scottrade users change their passcodes ASAP, both on the brokerage site and any other sites that may have used the same credentials. The officials said they learned of the breach after receiving information from federal law enforcement investigators. Scottrade is offering a year of free identity protection services to all 4.6 million people whose details were included in the compromised database.