Payment cards used at certain Hershey Entertainment & Resorts Company (HE&R) properties may have been compromised.

The company said on Friday that a program was installed on devices in its payment card system and card data – including cardholder names, card numbers, expiration dates and verification codes – could have been captured.

Cards could have been impacted if used for “reservations or at the Spa, food and beverage or retail outlets at an HE&R property or Hersheypark on-site admissions” between Feb. 14 and June 2, a release said, adding that a “significant percentage” of cards used after May 9 were likely not affected.

HE&R has addressed the issue and is enhancing its security, the release said. Although there is no evidence that payment card data was removed from the systems, free monitoring services are being offered to individuals potentially affected.