Many customers' card details may have been stolen.
The outdoor clothing and accessories retailer Eddie Bauer is the latest victim of point-of-sale malware to admit that its customers’ card details may have been stolen.
Just days after hotel operator HEI said 20 of its hotels had been infected, Eddie Bauer said its 350-or-so stores in the U.S. and Canada had also been the victim of a malware attack.
Cleaning up the mess won’t be cheap—Eddie Bauer said Thursday that it had arranged for all customers who made purchases and returns during this period to get free identity protection services from Kroll for the next year.
Get Data Sheet, Fortune’s technology newsletter.
These kinds of attacks generally involve someone hacking into the target’s internal computer systems, to which its point-of-sale terminals are connected, and surreptitiously infecting the devices with malware that steals card details and sends them back to the criminals.
Eddie Bauer’s terminals were infected on various dates between January 2 and July 17 of this year. Since it discovered the infection, it said, it has strengthened its security.
Less-than-comfortingly, Eddie Bauer said “not all cardholder transactions during this period were affected.” Purchases made over its online retail services were also not affected.
“The security of our customers’ information is a top priority for Eddie Bauer,” said Eddie Bauer CEO Mike Egeck.
For more on data breaches, watch our video.
“We have been working closely with the FBI, cybersecurity experts and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts.”
Eddie Bauer said the infection had been “part of a sophisticated attack directed at multiple restaurants, hotels, and retailers.”