A cyberattack could have accessed personal information from UnitedHealthcare accounts in Maryland, the health insurance company said Friday.

UnitedHealthcare said the suspicious activity on the mobile app occurred between Feb. 19 and 25 and was a credential stuffing attack, in which hackers use names and passwords stolen from previous breaches to “stuff” login combinations into accounts until they find a match. The company determined April 10 that personal information might have been disclosed.

The company said it has no evidence that member login credentials used during the attack were accessed or obtained from any UnitedHealthcare system. It has since locked members’ accounts that might have been affected.

UnitedHealthcare alerted some account holders by mail Friday that suspicious activity on its mobile app might have revealed members’ personal information. That information could include first and last names, health insurance member ID numbers, dates of birth, addresses, dates of service, provider names, claim information and insurance group names and numbers. No social security numbers or driver’s license numbers were accessed, the company said.

Tony Marusic, a UnitedHealthcare communications director, did not immediately know Sunday how many Marylanders were affected by the cyberattack.

“The company regrets this incident and any inconvenience or concern it may cause,” UnitedHealthcare said in a statement. The company is offering two years of free identity theft protection services from LifeLock to help members detect misuse of their personal information.

Members with questions are asked to call 800-669-1812 on Monday to Friday.