Target (TGT) said a massive theft of credit and debit card data from its stores may have impacted 40 million accounts, one of the largest security breaches ever reported.
The discount retailer confirmed on Thursday that it’s aware of unauthorized access to payment card data between Nov. 27 and Dec. 15, at the start of the busiest shopping season of the year.
Target alerted authorities and financial institutions after it became aware of the breach and is partnering with a third-party forensics firm to investigate the theft, the company added.
According to a notice to customers on Target’s website, the theft targeted shoppers who made purchases using credit or debit cards in U.S. stores, not on the company’s website. The information that was stolen included customer names, card numbers, expiration dates and the CVV three-digit security code.
The industry has grappled with massive data thefts before. In 2007, T.J. Maxx and HomeGoods parent TJX (TJX) reported that thieves stole card numbers and personal data from as many as 90 million cards.
One of the latest breaches happened last year at Global Payments, an Atlanta-based payment processing company. Information from up to 1.5 million accounts was stolen.
The data breach at Target was first reported by the Krebs on Security website, which is operated by computer security expert Brian Krebs.