American Thrift Stores announced this week that like other retailers, it has been hit with a security breach “that occurred through software used by a third-party service provider” that allowed “criminals from Eastern Europe” to obtain unauthorized access to payment card numbers. According to American Thrift Store’s statement, the Secret Service has advised that only card number and expiration dates were stolen. The breach occurred between September 1, 2015 and September 27, 2015.

American Thrift Stores states that it has removed the malware, but will not be providing customers with any identity theft protection services.

Security experts warn that this type of stolen data can be used to produce new counterfeit cards.