Hackers possibly operating out of Russia hacked at least 195 web addresses belonging to the Trump Organization or President Trump’s personal family four years ago, according to a report from The Associated Press.

According to the report, the Trump Organization never admitted that the addresses were hacked, but neglected to repair some of the hijacked domains until contacted by AP reporters. Users who attempted to access the compromised websites were instead redirected to servers in St. Petersburg, Russia, which experts said contained malware.

Many of the affected web addresses were previously unused by the Trump Organization, which operates 3,300 addresses in total. Businesses often purchase domain names to prevent them being used maliciously by the company’s enemies.

Security experts told the AP that hackers likely accessed the websites through hosting site GoDaddy.com, by altering the domain registration records. Accounts at GoDaddy.com are regularly subjected to phishing attacks, which seek to trick users into providing usernames and passwords.