Bebe has confirmed a data breach that exposed customer payment card information and eventually led to fraudulent activity on compromised accounts recently detected by financial institutions.

After noticing suspicious activity on the computers that run its stores' payment processing system, the retailer called in a security firm to investigate and discovered a breach affecting cards swiped at the point-of-sale (POS) at its locations in the U.S., Puerto Rico and the U.S. Virgin Islands between what it called a “short window” from Nov. 8 to Nov. 26.  

The breach likely exposed names, account numbers, expiration dates and verification codes.

Based on its investigation to date, the company said that mobile and online buyers were not affected. The company is offering a year's free credit monitoring for customers who made purchases at affected stores during the identified time frame.