BJC HealthCare said some of its customers' credit card information could have been stolen early last month and in late October.

The hospital and health care provider says it learned of the data breach Nov. 19.

An internal investigation found that customer payment information entered between Oct. 25 and Nov. 8 could have been collected by malware. BJC said in a statement Tuesday that it has informed 5,850 people about the breach.

Social security numbers and medical information was not exposed in the breach, BJC said. It has added new security protocols to guard against future incidents.

Jacob Barker • 314-340-8291 @jacobbarker on Twitter jbarker@post-dispatch.com

A message from David Nicklaus Want to stay smart about what's happening in St. Louis? Make a modest investment in a Post-Dispatch subscription and I'll tell you how developments around the world affect local businesses big and small. Subscribe today: Just $1 a month