Women's clothes retailer bebe stores says that its payments processing system was hit by hackers last month, putting customer card data at risk.
Bebe confirmed the attack after security blogger Brian Krebs reported that several banks had spotted fraudulent charges on cards that had been used at its stores.
In a statement, the firm says that cardholder names, account numbers, expiration dates and verification codes from cards swiped at stores in the US, Puerto Rico and the US Virgin Islands between 8 November and 26 November may have been taken. No indication of the number of victims has been provided.
Customers who used their cards in stores during this period are being advised to check their statements and report any suspicious activity to their banks. Purchases made through the bebe website, mobile application, or in Canada or other international stores were not affected.
The retailer says that it has notified its payment processor, which is working with credit card companies to provide them with the account numbers for cards used during the period at issue.
Jim Wiggett, CEO, bebe, says: "Our relationship with our customers is of the highest importance. We moved quickly to block this attack and have taken steps to further enhance our security measures."