Did you enjoy a pad thai, macaroni and cheese, or a pesto cavatappi for lunch sometime in the last few months? And then have your bank very suddenly replace your credit or debit card, due to an unnamed data breach, in early June? You may have Noodles and Co. to thank for both.

The 20-year-old fast-casual pasta-based chain announced this week that it is the latest victim of a large scale data breach affecting consumers’ payment data.

The hack lasted from January 31 until June 2 of this year, Noodles reports, at which point it was detected and stopped.

The company has been, as one does in this sort of situation, working with third party security investigators to determine how the breach happened and what was stolen. Lo and behold, there was malware in Noodles’ computer systems that managed to yoink payment card information including cardholder name, card number, expiration date, and CVV.

Online orders were not part of the breach, Noodles added.

The company suggests the usual: check your credit reports with the three agencies, put freezes or fraud alerts on any if you need to.

Noodles has published a list of all affected restaurant locations broken down by state. States that were part of the breach include:

• Arizona
• California
• Colorado
• Delaware
• Florida
• Idaho
• Illinois
• Indiana
• Iowa
• Kansas
• Kentucky
• Maryland
• Minnesota
• Missouri
• New Jersey
• New York
• North Carolina
• Ohio
• Oklahoma
• Oregon
• Pennsylvania
• Tennessee
• Texas
• Utah
• Virginia
• Washington
• Washington, DC
• Wisconsin

For more information, Noodles has created a landing page for all information related to the breach. The FTC also has a a guide online to help consumers deal with having their data lost or stolen in hacks.

RELATED: Do you ever shop anywhere? Congratulations: your data will be hacked.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.