Clothing store chain Eddie Bauer has revealed that the point-of-sale systems (POS) used to process payment cards at its more than 350 retail stores had been infected with malware for several months.

Shoppers that used a credit or debit card at an Eddie Bauer retail location between January 2, 2016, and July 17, 2016, may have had their data exposed. Attackers were able to capture customers’ information including cardholder name, payment card number, expiration date and security code. Payment card information used online was not affected, we’re told.

Krebs on Security said it first notified the clothier about a possible breach nearly six weeks ago.

The retailer said that upon learning of the breach, it launched a full investigation with third-party digital forensic experts and has been working with the FBI to try and identify those responsible. Eddie Bauer added that the vulnerability has been fixed and that they are taking additional steps to strengthen the security of their POS system.

If you shopped at Eddie Bauer between these dates and used a payment card, it’d be wise to keep a close eye on your account balances and statements in search of fraudulent activity. The company says that customers will not be held responsible for fraudulent charges.

News of the breach comes just days after hotel operator HEI Hotels & Resorts said it found malware on its POS terminals.

Those affected by the breach are entitled to 12 months of free identity theft protection. Details on how to sign up for it can be found by calling 1-855-294-2549 during weekday business hours.

Image courtesy Scott Olson, Getty Images