The exposed data may have included cardholder names, account numbers, expiration dates and verification codes, the women's apparel retailer said on Friday.
Bebe, which also operates stores in Canada, said the affected transactions were made between Nov. 8 and Nov. 26, the day before Thanksgiving.
Security blog KrebsOnSecurity said on Thursday that hackers may have stolen credit and debit card data from bebe during Thanksgiving and Black Friday.
Bebe is the latest retailer to fall prey to hackers.
Bebe said online transactions were not affected.
"We moved quickly to block this attack and have taken steps to further enhance our security measures," Chief Executive Jim Wiggett said in a statement on Friday.
Bebe operates 175 retail stores and 35 outlet stores in the United States, U.S. Virgin Islands, Puerto Rico and Canada.
Bebe's shares, which have fallen by more than half in the past nine months, closed at $2.73 on the Nasdaq on Thursday.
© Thomson Reuters 2014