If you’re a music lover and you’ve been to the website of the annual California music festival Coachella, then you are at risk.

The entire Coachella database was recently found for sale on the Darkweb. It contains email addresses, passwords and in many cases, IP addresses and other personal information of everyone who has registered on the site.

There are two things that make this hack noteworthy.

Firstly, if you have an account on the website and you’re in the habit of using the same password across multiple websites you frequent, the hackers may be able to access much more than your Coachella account. If, for instance, you use the same password to access your bank and/or credit card accounts, the hackers now have the keys to those things as well.

Secondly, and just as disturbing is the fact that this data breach underscores the reality that hackers don’t just target big Fortune 500 companies and sprawling government agencies. They’ll go after pretty much any organization that collects and retains personal information on the clients who use their websites. If Coachella is a viable target, then your small or medium-sized business almost certainly is as well.

As ever, on the heels of a breach like this, if you have an account on the Coachella website, you’ll want to change your password immediately. And, if you’re still using the same password across multiple web properties, then you’ll want to change all those passwords as well. To do any less is to open yourself up to the possibility of identity theft, credit card theft and more.

After last year’s record number of high-profile data breaches, it seems unthinkable that many people would still have such a lax view of personal digital security, but sadly, the data indicate that it’s as big a problem as it ever was. Until that changes, you can expect to see a surge in identity theft on the heels of every breach like this.