Bad news for you Forever 21 shoppers in the US. The retailer just confirmed that hackers have breached “various point of sales terminals” throughout the country and were able to collect “credit card numbers, expiration dates, verification codes and sometimes cardholder names” covering the dates April 3 to November 18, 2017. Forever 21 detailed in a statement how hackers were able to install malware software on some of its POS terminals. They first disclosed this back in November 14, but this is the first time they’ve gone into detail about how the attack went down.

It seems that the encryption was turned off for some machines that logged payment card details from transactions at certain times and this was when the hackers installed malware to get the data. Some were said to be affected for days or weeks, but others could’ve been affected for the duration they stated. They didn’t specify how much information the hackers got. But they did say they’re looking into whether Forever 21 stores outside the US have been affected. But with those using different POS systems, this might be an unlikely scenario. Now is the time though to remind you to always check your credit card transactions to see if there are any purchases you didn’t make.