Target says that its stores have been hit by a major credit-card attack involving up to 40 million accounts, USA TODAY reports.
Greg Steinhafel, CEO of Target, confirmed the attack today.
Steinhafel said in an official statement that “Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue.”
The attack took place right before Thanksgiving, around November 27, and ended around December 15.
The breach involves the theft of information stored on magnetic stripe on the backs of cards used at nearly all of Target’s stores around the country, according to the Krebs on Security website, which first reported the news.
The potential breach does not appear to involve online purchases, Krebs reports, noting that the type of data stolen enables thieves to create counterfeit credit cards. If thieves were able to intercept pin numbers, they would also allow thieves to withdraw cash from ATMs.
The Secret Service confirmed to USA TODAY that it is investigating the incident at Target.