Arby’s has announced that it is investigating its payment card systems after Brian Krebs first reported the incident.

According to reports, malware placed on Arby restaurants’ payment card systems allowed attackers to steal credit card data at the time it was swiped in the cash register. The breach is believed to have occurred between October 25, 2016, and January 19, 2017. Approximately 355,000 credit and debit cards were affected.

Arby’s stated that it has removed the malware from the systems of affected restaurants and continues to investigate the incident.