On May 4, 2019, an unauthorized party gained access to a treasure trove of user data from food delivery service DoorDash. Nearly 5 million members, workers and merchants of the company had data stolen, ranging from names and addresses to order history to their drivers license number.
DoorDash announced the breach late Thursday, noting that the cyber criminals had also gained access to the last four digits of some consumer payment cards and bank accounts. The company says the full information was not accessed, though, and the thieves had insufficient information to make fraudulent charges to those accounts. 100,000 workers had their driver license numbers accessed.
The company says users who joined after April 5, 2018 were not affected by the breach. Anyone who joined prior to April 5, 2018, is vulnerable, however.
DoorDash, which came under fire earlier this year for its tipping practices, says it’s reaching out to users it believes were impacted, but if you’re nervous about your information being available on the black market, there are some steps you can take to provide ease of mind.
Step 1: Check your accounts for fraudulent activity
Most Americans don’t keep close tabs on their checking and saving balance and don’t examine every item on their credit card bill—and hackers count on that.
Step 2: Set up credit monitoring
This can ensure no one is using your personal information. DoorDash has not offered any credit monitoring subscriptions to users, saying the information taken is insufficient to make fraudulent charges. There are several third party companies that will watch out for you, though, which don’t charge an exorbitant amount.
It’s also not a bad idea to sign up for a credit monitoring service, such as Equifax’s TrustedID Premier (though Equifax had a notable data breach of its own in 2017) or CreditKarma.
Step 3: Credit freeze
If you’re especially worried about identity theft, consider a credit freeze, which prevents new credit from being issued without your direct permission.
“Your best protection against someone opening new credit accounts in your name is the security freeze (also known as the credit freeze), not the often-offered, under-achieving credit monitoring,” notes the U.S. Public Interest Research Group.
Step 4: Monitor other accounts
Keep an eye on other accounts, especially if you use a shared password for those and you’ve been the victim of a previous data breach.
Step 5: Change your passwords
It’s time to change your passwords again. Yes, it’s a pain, but it’s a critical step, especially if you’re using the same password on multiple sites.
More must-read stories from Fortune:
—The cheapest mobile plans for your iPhone 11
—What is quantum supremacy, and why is it such a computing milestone?
—Beyoncé was sued for violating the Americans with Disabilities Act. And you could be, too
—Meet the women leading Netflix into the streaming wars
—Why Discord is one of tech’s hottest startups
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.