Target Corp. has confirmed a data breach that may have affected about 40 million customer credit card and debit card accounts between Nov. 27 and Dec. 15, which included Black Friday weekend, one of the biggest shopping times of the year.
The breach occurred on a national level in stores—not online—and may have involved tampering with the machines customers use to swipe their cards. The information stolen included customer names, credit or debit card numbers, expiration dates and CVV security codes, the Wall Street Journal reported.
Target responded to the breach by immediately alerting authorities and financial institutions. Target also is joining with a forensics firm to conduct an investigation into the incident. Also investigating the breach is the Secret Service, which often examines significant hacks of credit-card data, in an effort to protect the nation’s financial infrastructure and payment systems, according to the Wall Street Journal.
“We take this matter very seriously and are working with law enforcement to bring those responsible to justice,” said Target CEO Gregg Steinhafel in a statement.
Target officials were able to determine and resolve the unauthorized access on Dec. 15, but it remains unclear who conducted the data breach and how.
“This was obviously a very sophisticated crime,” Molly Snyder, a Target spokeswoman told the Wall Street Journal.
Target operates 1,797 stores in the U.S. and another 124 in Canada.