Natural Grocers, the natural and organic food retailer, is investigating a possible data breach involving customer payment cards.

According to Brian Krebs’ sources, hackers accessed Natural Grocers’ network just before Christmas 2014 and tapped into point-of-sale (POS) systems at locations across the country. Payment card information may be involved but Natural Grocers claims that personal information (names, addresses, or social security numbers) and card verification codes were not accessed.

Natural Grocers is now working with a third-party data forensics firm and law enforcement to investigate the matter further. While the investigation is underway, the company is planning to accelerate its transition to ‘chip and PIN’ throughout all of its stores to comply with the Payment Card Industry Data Security Standard (PCI DSS).

It is not yet known how many customers may have been affected, but the grocery chain boasts 93 stores in 15 states, with net sales of $520.7 million in 2014.