Fast fashion retailer Forever 21 said Tuesday it was investigating possible "unauthorized access" to data from credit cards, as it advised shoppers to monitor their payment card statements.
The Los Angeles, California-based company said the probe was focused on transactions made at its stores between March and October this year, and that since the investigation was ongoing, it could not give complete findings.
The company, which operates more than 815 stores in 57 countries, did not say which of its stores were affected.
"Because of the encryption and tokenization solutions that Forever 21 implemented in 2015, it appears that only certain point-of-sale devices in some Forever 21 stores were affected when the encryption on those devices was not operating", the statement says.
"We regret that this incident occurred and apologize for any inconvenience".
Company officials said if customers see an unauthorized charge, they should immediately notify the bank that issued the card. "We will continue to work to address this matter", Forever 21 said in a short notice on its website announcing the data breach. Payment card network rules generally state that cardholders are not responsible for such charges.