Customers who used a credit or debit card at a Forever 21 store in 2017 are being warned that there is a chance their banking information has been stolen.

The clothing stoe first warned of a possible breach in November, and now says it involved payment card data, including the card number, expiration date, and an “internal verification code” may be among the information mined in the breach. In some instances the cardholder’s name was also collected by malware.

Forever 21 isn’t naming specific stores that were impacted, saying only that it happened in locations across the U.S. over the course of about seven months — April 3rd through Nov. 18th, 2017.

Online purchases weren’t affected.

The investigation found that data encryption technology wasn’t turned on at some point-of-sale devices, which allowed malware to be installed on some the machines.