The New York-based clothing retailer was notified last year that fraudulent charges were showing up on some credit cards. A spokeswoman for the company said bank card issuers had asked it to check records.
"We found we were storing more information about persons' credit cards than we should have," the spokeswoman told AP. "We put in a patch to the software system and deleted all the data that had been in the system."
She added that a forensic investigation unearthed "no evidence of an internal or external breach".
HSBC North America was continuing to alert 180,000 GM-branded MasterCard holders that card should be replaced as criminals may have obtained access to account information.
The news follows reports of breaches at LexisNexis, San Jose Medical Group and UCSF.
