Hackers have stolen customer credit card information from an unknown number of Arby’s restaurants, according to a report on Thursday.
The fast food chain discovered in mid-January that it suffered a data breach that affected a number of Arby’s corporate restaurants, according to cyber-security reporter Brian Krebs.
The data breach only affected some of Arby’s roughly 1,000 corporate restaurants, and none of its franchise restaurants operated by third parties, the report said. Over 350,000 credit and debit card accounts may have been impacted by the hack, according to the credit union service PSCU. Krebs’s report said PSCU contacted various banks after it noticed a breach that affected a “large fast food restaurant chain.”
Get Data Sheet, Fortune’s technology newsletter.
An Arby’s spokesperson told Fortune that the restaurant chain has eliminated the malware that infected its point-of-sales systems and led to the breach. The spokesperson said that it notified law enforcement after it learned of the breach and contacted several computer security firms to assist, including Mandiant.
Krebs said in his report that he first learned of the data breach two days ago after several banks and credit unions contacted him about whether he had any information about the hack.
Arby’s said that its customers should check their credit card statements for any unauthorized payments. If they discover suspicious activity, “they should report them immediately to the bank that issued their card,” the Arby’s spokesperson said in an email.
A similar data breach hit fast-food chain Wendy’s in 2016, which Krebs also first reported last January. Wendy’s then said in June that the data breach was bigger than it first thought and that it could have impacted more than the 300 stores.
For more about Arby’s, watch:
The point-of-sales systems of various retail chains have long been a favorite hacking target. For example, hacks into Home Depot and Target (TGT) over the past few years involved criminals covertly installing malware into store payment systems, which made it easy for them to siphon sensitive customer data.