A credit card breach at Brooks Brothers took a year to get under control, according to a data breach notification filed this week.
The New York City-headquartered clothing giant said in the advisory that a hacker obtained the credit card details of customers who visited any of the hundreds of stores in the US and Puerto Rico affected by the breach.
That includes the name, card number, expiration date, and verification code, according to the advisory -- more than enough information to make online payments.
The company said that the hacker installed malware on the point-of-sale devices used to process payments in-store between April 2016 and March 2017. The company's website remains unaffected by the breach.
A spokesperson for Brooks Brothers would not say how many customers were affected. A list on the company's website points to 223 retail locations affected by the breach, including in California, New York, Texas, Ohio, and Michigan.
In a statement, the company confirmed that the issue "has been resolved and is no longer impacting transactions."
"Once we learned of this incident, we took immediate action including initiating an internal review, engaging independent forensic experts to assist us in the investigation and remediation of our systems and alerting law enforcement," said the statement.