America's Thrift Stores reported a breach that compromised credit card information for an unknown number of its customers who shopped at the 18-store chain in September 2015.
CEO Kenneth Sobaski said in an online statement that a breach occurred through the software of an unnamed third-party vendor that was infected with malware, thus giving actors from Eastern Europe access to some customer data.
Transactions made between Sept. 1 and Sept. 27 may have been affected.
Sobaski claimed that the U.S. Secret Service has determined that credit card numbers and expiration dates were taken, adding the government agency does not believe customer names, phone numbers, addresses or email addresses were compromised.
“As soon as we learned of this incident, America's Thrift Stores began working with a leading independent external forensic expert and the U.S. Secret Service to examine the breach. We have identified and removed malware that was the source of the breach– and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations,” Sobaski said.
The U.S. Secret Service and the Irondale, Ala.-based America's Thrift Stores have not responded to a request for additional comment.