Jason’s Deli has warned its customers that the company may have been hit by a data breach.

Officials said that the company was notified of the breach by its payments processor on Dec. 22, 2017 as MasterCard Inc (NYSE:MA) security personnel discovered a large amount of payment card information for sale on the “dark web.”

The company went on to say that least some of these pieces of information may have come from various Jason’s Deli locations, officials added. The restaurant has locations in 28 states, but it is unclear where exactly the breach happened.

A threat response team is serving as an aid to officials, along with several forensic experts and law enforcement members to determine for sure whether or not a breach took place. If it did, the team will help determine how widespread the data breach was, how it was done, plus whether or not there is any continuing breach or vulnerability to Jason’s Deli’s servers.

“The investigation is in its early stages and, as is typical in such situations, we expect it will take some time to determine exactly what happened,” the notice states. “Jason’s Deli will provide as much information as possible as the inquiry progresses, bearing in mind that security and law enforcement considerations may limit the amount of detail we can provide.”

Jason’s Deli asks people to report any suspicious activity on their credit cards to customer.service@jasonsdeli.com or 409-838-1976.