If you used a credit card on Gamestop.com between mid-September 2016 and the first week of February 2017, you could be a victim of credit card fraud.

Gamestop has admitted that hackers may have stolen credit card and customer information from their website.

KrebsonSecurity contacted the game retailer with the unfortunate news after receiving word from two sources. A spokesperson had this to say:

“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,”

“That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified,”

The data in question could include the credit card number, expiration date, name, address, and the 3-digit CCV number on the back of the card. Although the CCV number is not stored by retailers, hackers can use illegal software to record what an online customer types into an e-commerce site.

Gamestop released a statement regarding what customers should do if they fall within the window:

“We regret any concern this situation may cause for our customers. GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”