CSIDIt’s no wonder they call it March Madness, this year’s NCAA tournament was particularly exciting between the upsets in the first two rounds and a National Championship that ended on a buzzer beater. If you followed along on the CBS Sports app, you’ll want to take note of the below.

According to mobile data management and security firm Wandera, the CBS Sports app and mobile website had a data leak during the NCAA Tournament, which may have compromised user data, including user names, birthdays, email addresses, account passwords and ZIP codes. Social Security and credit card numbers were not comprised.

Wandera says the site and app weren’t properly encrypted, and that they made the discovery unintentionally, while doing research on sports applications before March Madness began. With encryption top of mind for consumers, especially in the wake of the Apple and FBI battle, instances like these show that mobile apps and sites may still be vulnerable, whether or not they are encrypted.

To be clear, Wandera is not purporting an actual breach occurred, just that the data was not properly encrypted. CBS Sports has denied a data breach happened at all, and claims to rigorously monitor and test its platforms for potential issues.

Hackers are particularly attracted to large events like March Madness, as the surrounding excitement results in an uptick of traffic to sites or mobile apps. CBS Sports and Turner Sports provided exclusive coverage of the national championship game, and said the final match-up amassed 2.5 billion minutes of consumption across digital and TV platforms. Especially during these highly trafficked times, companies must be diligent in ensuring their content is secure.

Consumers can protect themselves as well—anyone using the CBS Sports app should start by immediately changing their password. It’s good practice to make a habit of regular password updates after any major event, like increased traffic, that might affect an app or site, making it a more desirable target for cyber criminals. If you reused the same username and password combination for another account, it’s in your best interest to change that password too.

It’s also good practice to keep your device software up-to-date. Check for updates frequently so that your device always has the latest security patches in place. The next time you see an update notification, click yes or make it easy on yourself and set your system to automatically update.

While your bracket might reveal poor choices, don’t make the same mistakes with your personal information. These simple, yet vital practices, like changing your password and saying yes to software updates, can help safeguard your personal information.