Fast-food chain Sonic Drive-In has acknowledged it suffered a breach that may have exposed debit and credit card information belonging to millions of its customers, according to a report from KrebsOnSecurity.

The website reported Tuesday that the company confirmed the breach and was working to understand the “nature and scope of (the) issue.” Below is the full statement issued to KrebsOnSecurity:

Sonic, which is based in Oklahoma City, Oklahoma, has 3,600 locations across the country, including 17 in New Jersey.