Target today confirmed it is aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.
Target says up to 40 million credit and debit card accounts may have been affected by a data breach that began last month.
In a statement, the retailer said it "is working closely with law enforcement and financial institutions, and has identified and resolved the issue."
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
The chain said Thursday that the accounts may have been impacted between Nov. 27 and Dec. 15.
The Secret Service is investigating the breach at the discount retailer.
Secret Service spokesman Brian Leary confirmed the investigation Wednesday evening. He declined to comment further.
Leary's comments came following a report Wednesday night from respected security researcher Brian Krebs that Target had suffered a data breach around the time of Black Friday last month "potentially involving millions of customer credit and debit card records."
Krebs reported that the breach apparently targeted customers at stores rather than online shoppers. The thieves reportedly gained access to data on the magnetic strips of shoppers' cards, potentially allowing them to produce counterfeit versions.
The thieves could also potentially withdraw cash from ATMs using counterfeit debit cards if they were able to intercept PIN data from Target, Krebs said.
American Express and Discover both said they were "aware" of the incident and had fraud controls in place.
"This is an ongoing investigation," an AmEx spokeswoman said, declining to comment further.
MasterCard referred questions to Target; Visa did not respond to requests for comment.
Target competitor TJX Companies -- which operates discount retail chains T.J. Maxx and Marshalls -- fell victim to one of the worst security breaches ever back in 2006, when hackers gained access to at least 94 million domestic and international accounts containing credit card, debit card, and check information.
More information is available at Target’s corporate website. Anyone who suspects unauthorized activity should contact Target at: 866-852-8680.