More than half a million people may have had their card data stolen after a data breach at Texas wine and liquor store chain Spec's which dates back 18 months.
In a statement, Spec's says that an attack on its systems began in October 2012 and may have continued until last month. The breach affects customers who shopped at 34 of its stores between those dates.
Names, card numbers, expiration dates and security codes are all at risk. For customers who paid by cheque, bank account numbers, dates of birth and driver's license numbers have been compromised.
Spec's spokeswoman Jenifer Sarver told the Houston Chronicle that "an estimated fewer than 550,000" customers and employees were affected.
The company says that when it discovered the attack it called in a forensic investigator to tackle it and has also enlisted a cyber security firm to help beef up its defences. The Secret Service is also investigating.
Spec's has not revealed when it learnt of the breach, with Sarver telling the Chronicle: "This was a very sophisticated attack by a hacker or hackers who went to great lengths to cover their tracks."
Affected cash registers have now finally been disabled and malware removed from the Spec's systems.
Merchant data breaches have been high on the US agenda since the Target hack of late last year, which saw crooks infect POS devices and steal the details of around 40 million customer cards.