The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers’ information.