The American Bankers Association, a major financial industry trade group that lobbies for stronger data protection laws, announced on Thursday that its computer systems had been breached and thousands of members’ personal information had been compromised.
On the same day, the organization declared that it would participate in National Cybersecurity Awareness Month, an awareness campaign that spans the month of October and is organized by the U.S. Department of Homeland Security as well as the non-profit National Cybersecurity Alliance, which includes board members from Microsoft (MSFT), Facebook (FB), Symantec (SYMC), Google (GOOG), and other big tech companies.
The association said that the attack affected users of it’s website’s shopping cart tool, which is mostly used by members making purchases or registering for events through aba.com. In total, the association counts 6,400 records—usernames and passwords—as having been compromised, a spokesperson confirmed with Fortune.
“We have seen no evidence that the hacker has also accessed credit card information or other personal financial information,” said Frank Keating, CEO and president of the association, in a statement provided to Fortune, which is also available online as part of an FAQ on the organization’s website. The statement also notes, however, that the data were posted online.
Translation: If you signed up for an ABA account and have reused that password for other online accounts, go change those passwords immediately.
The association said that the breach appears to be confined to its shopping cart tool. “To the best of our knowledge, ABA’s other systems are secure,” states the FAQ.
“ABA is working with a cybersecurity forensics company to identify the origin and full extent of this breach,” Keating said in the statement provided to Fortune, also available online as part of the FAQ. “We also continue to work with cyber information-sharing groups such as the FS-ISAC to identify threats, spot breaches and respond quickly.”
The irony is palpable, of course. The association often advocates before Congress for stricter policies and security standards to protect shoppers from security incidents such as these. It also hosts security tips for consumers on its website. The timing of the breach announcement with the association’s participation in the cyber awareness month appears to be an unfortunately timed coincidence.
The American Bankers Association is not the only participating member to announce a breach recently. Experian (EXPGY) announced that been hit with a breach on Thursday, too. Trump Hotels also recently announced a breach.
Subscribe to Data Sheet, Fortune’s daily business-tech newsletter.
For more on data breaches, watch this video below.
