cbdMD, Inc., a producer and distributor of cannabidiol (CBD) products, revealed that its e-commerce platform underlying retail website cbdmd.com was modified by an unauthorized third-party to include malicious code, according to an 8-K filing with the Securities and Exchange Commission on Friday after the market close.

According to the securities filing, “the malicious code created a risk that customer-input elements on the webpage may have been skimmed by an unauthorized third-party.” cbdMD said it could not confirm what customer data may have been affected. The company will be providing notice of the incident to customers who may be at risk starting Monday. The potentially at-risk customers will also be offered one year of identity monitoring for free.

cbdMD has notified federal law enforcement and is cooperating with their investigation.

The company has also implemented security measures hoping to prevent similar incidents in the future.

cbdMD, which sells CBD products ranging from bath bombs to gummies, rose 7 cents, or 3.55 percent, to end Monday’s session at $2.04.

The North Carolina Business News Wire reached out for further comment and has not heard back by the time of publication.