GameStop, a well-known retailer of video games, electronics, and wireless services, confirmed with KrebsOnSecurity that they are currently investigating reports of hackers breaching their network and siphoning customer information.

After receiving notice from a third party that payment card data has been on sale on a website, a spokesperson from GameStop said, “That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”

KrebsOnSecurity further notes that the stolen data may have included customer card numbers, their expiration dates, names, addresses, and card verification values (CVV2)—the three numbers at the back of the card beside the signature strip that is typically not recorded into systems of online merchants. Stolen CVV2s suggests that malware may have been present on GameStop’s transaction site.

If you, dear Reader, have used your debit or credit card on GameStop’s website between mid-September of 2016 to early February of this year, it’s advisable that you check (or backtrack, too, if you can) your statements for questionable charges against your card. If you see any, give your bank a call and report those said charges.

Lastly, when purchasing online, it is best to use a credit card over a debit card as the former usually has better overall fraud protection than the latter.