Target Corporation has acknowledged that hackers have stolen data from up to 40 million credit and debit cards of shoppers who visited its stores during the first three weeks of the holiday season.
America's second-largest retailer said on Thursday that customers who made purchases by swiping their cards at its U.S. stores between November 27 and December 15 may have had their accounts exposed. The stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of the card.
The company said the data breach did not affect online purchases. Target has almost 1,800 stores in the U.S. and 124 in Canada.
Investigators are still trying to understand how the attack was carried out.
Target's data security nightmare threatens to drive off holiday shoppers during the company's busiest time of the year. The company's representatives would not comment on whether business had been affected.