Target (NYSE: TGT) said data from about 40 million credit and debit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday shopping season.
The hacking, which is the second-largest card breach at a U.S. retailer in history, took place over a 19-day period that began the day before Thanksgiving. Target didn't say exactly how the data breach occurred, but the company confirmed that it identified and resolved the issue on Dec. 15.
The breach extends to nearly all Target locations nationwide. Shoppers at its online store Target.com or at physical stores outside the U.S were not affected, said Target in a company statement issued Thursday morning.
The ordeal involves the theft of data stored on the magnetic stripe of cards used at the stores, which would include the name of the customer, credit or debit card number, the card's expiration date and the three-digit CVV security code. The data could have been used by the hackers to create counterfeit cards that could even be used to withdraw money at an ATM, according to the reports.
Target said it immediately alerted authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter and prevent future breaches. On Wednesday night, the Secret Service confirmed that it is investigating the incident, but had no further comment because it is an ongoing investigation.
Target's New Awesome Shop Aims To Drive Mobile Sales
Target Boosts Mobile Shopping For The Holidays
Target Will Up mCommerce Investment
Target, Kroger See a Surge in Digital Coupon Site Visits
Target, Macy's, Best Buy Lead in Holiday Customer Service