P.F. Chang’s China Bistro has confirmed Friday morning that there has been a data breach involving customers’ credit and debit cards used at its restaurants, USA Today reports.

After learning of the breach Tuesday, the company began an investigation with the U.S. Secret Service and a team of third-party forensics experts “to understand the nature and scope of the incident, and while the investigation is still ongoing, we have concluded that data has been compromised,” according to a statement from P.F. Chang’s CEO Rick Federico.

The company has created a website for customers to receive updates, and it has moved to a manual credit card imprinting system.

The chain has 211 P.F. Chang’s locations in the U.S. and 192 Pei Wei Asian Diner restaurants.

According to cybersecurity blogger Brian Krebs, who first reported the breach on his blog KrebsOnSecurity, customer data from thousands of credit and debit cards previously used at the restaurants went up for sale on an underground store. According to banking sources contacted by Krebs, the cards had been used at P.F. Chang’s locations from the beginning of March 2014 to May 19, 2014.