Target said in a press release that it is working closely with law enforcement and financial institutions, and has identified and resolved the issue.
Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, Target said.
The press release indicates that the data theft did not affect customers who shopped at Target.com.
[Want to know more about to prevent cyber fraud? Click here for Multichannel Merchant's payment/security archive]
Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts.
Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.
Target has alerted customers with a banner at the top of its ecommerce site, which links to a letter to consumers.
According to the letter, Target has determined that the information involved in this incident included customer name, credit or debit card number, and the card’s expiration date and CVV (the three-digit security code).
“We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future,” the letter said.