About 40 million credit and debit card holders may have compromised their accounts by making purchases at Target stores during the height of the holiday shopping season, the company announced Thursday.
The massive data breach involving "unauthorized access to Target payment card data" occurred at stores across the country between Nov. 27 and Dec. 15, potentially exposing both cards issued by Target and major brands such as Visa and Mastercard.The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards.
The company said it is "putting our full resources behind" investigating the incident and preventing similar incidents from happening in the future, partnering with "a leading third-party forensics firm" and alerting federal authorities and other financial institutions to the issue.
"Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause," Target said in a letter to customers posted to its website. "The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident."
The Secret Service earlier confirmed it was investigating the security issue that began on Black Friday weekend.
Investigators believe the data stored in the cards' magnetic strips was hacked at Target cash registers, according to the security industry blog Krebs on Security, which first reported the breach and cited sources from two credit card issuers.
The chain has 1,797 stores in the United States and 124 in Canada.
In a letter to consumers, Target recommended that anyone who shopped at the store during the two-plus-week security breach check their accounts and report any unauthorized purchases or suspicious activity. Consumers can also monitor their credit report moving forward to flag issues with their accounts Target says anyone who suspects they are a victim of unauthorized activity should call them at 866-852-8680.