The clothing store chain Forever 21 have begun to notify their customers of a potential credit card breach affecting specific locations. Shoppers who used payment cards between March 2017 and October 2017 may be affected.

Alerted to the breach through a third-party monitor, it was suggested that there might have been unauthorized access to customers’ credit card data and subsequent payment information. In 2015, Forever 21 implemented an encryption and tokenization feature within most of their locations; this breach affects point-of-sale devices where the encryption was not operating correctly, the company reports.

A security and forensics firm has been hired to help with the investigation. Because it’s still early on, Forever 21 has not confirmed the number of people affected and says it will provide additional information as it learns about specific stores and timeframes.

The company has posted a statement to their website, in which Forever 21 implores customers to monitor their credit card statements carefully and report and odd or out of place purchases that they can’t recall or find physical record of. They also state that Payment card network rules generally state that cardholders are not responsible for such charges.

You can read the full statement from the company here.