Hackers stole the personal financial information from more than 5 million customers who visited the stores from May 2017 to now, according to Gemini Advisory, a cybersecurity firm. About 125,000 of these records were put up for sale on the dark web, the firm said, adding that it “is amongst the biggest and most damaging ever to hit retail companies.” The data breach also hit Saks Off Fifth stores.

All of the U.S. locations of the retail chains have been compromised, the company said, with the majority of stolen credit card information coming from stores in New York and New Jersey.

Hudson’s Bay Company, which owns both retail chains, released a statement Sunday about the data breach, noting that it does not impact shoppers who bought items on digital platforms.

“We wanted to reach out to our customers quickly to assure them that they will not be liable for fraudulent charges that may result from this matter,” the company said. “We have identified the issue, and have taken steps to contain it.”

Hudson’s Bay Company said it will notify customers as it gets more information. It also advised them to review their credit and debit card accounts to monitor for unusual transactions or activity. The company did not say how many stores or customers were compromised.

The data breach comes on the heels of other high-profile hacking attacks to hit other major U.S. stores and businesses. In 2017, Equifax, a credit-reporting firm, announced 145.5 million of its customers had their identifies stolen when the company was hit with a cyberattack.