At 14:17pm (GMT) 28th November 2019, we received an email informing us that one of our API endpoints had a bug exposing private information (full name, email, and marketing opt in) of some of our customers.