Activision staffers learned of a December 2022 data breach at the gaming firm only days ago, and not from their employer.

As reported by TechCrunch, the leak was made public when malware research group vx-underground, a platform that says it has the largest collection of malware source code, shared the details on Twitter.

The site notes that hackers obtained data such as employee names, work email addresses, telephone numbers, and for some, the location of their offices.

“This is a problem. If there is employee’s information involved, they should have disclosed the breach,” an anonymous source told the publication.

According to a statement from Activision, neither sensitive employee data, game code, nor player information was obtained in the hack.

TechCrunch adds that California, where the company is headquartered, has a law requiring companies to notify victims of data breaches, but the employee information reportedly taken doesn’t count under that law’s definition of “personal information,” which includes driver’s license, social security, and passport numbers.