NEW YORK (CBS News/CBSLA) — A data breach at department store chains Saks Fifth Avenue, Saks Off Fifth and Lord & Taylor has compromised the personal information of customers who shopped at the stores, including locations in Southern California.

The chains’ parent company, Canada-based Hudson’s Bay Co., announced the breach of its store payment systems on Sunday. The company said it was investigating and taking steps to contain the attack.

READ MORE: SoFi Stadium Looking To Fill More Than 3,000 Part-Time Positions With Job Fairs Being Held This Month

“We will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” the company said in a statement.

READ MORE: Feds: Mustafa Qadiri Of Irvine Used $5 Million In Fraudulent PPP Loans To Buy Ferrari, Bentley, And Lamborghini

New York-based security firm Gemini Advisory LLC says that a hacking group called JokerStash announced last week that it had put up for sale more than 5 million stolen credit and debit cards, and that the compromised records came from Saks and Lord & Taylor customers.

The firm says that all Lord & Taylor stores and 83 U.S.-based Saks Fifth Avenue stores, including unspecified locations in Southern California, were affected, although the majority of stolen card numbers come from stores in New York and New Jersey.

MORE NEWS: 2 More Drivers Report Windows Being Shattered On SoCal Freeways

Hudson’s Bay says customers won’t be liable for fraudulent charges. It plans to offer free identity protection services.