Millions of Target customers' credit, debit card accounts may be hit by data breach

Alastair Jamieson

Approximately 40 million credit and debit card accounts used by Target customers may have been impacted by a major data breach, the retailer said Thursday.

Customer names and credit or debit card numbers are involved in the breach—along with the expiration date and three-digit CVV security code of each card, the store said.

Shoppers who made purchases at their stores between Nov. 27 and Dec. 15 were urged to check their debit and credit card accounts and report suspected unauthorized activity to the firm.

(Read more: Fraud alert: How to prevent holiday-related identity theft)

Target said in a statement that it was "aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases" during the height of the Thanksgiving and Christmas holiday shopping period.

It is one of the largest ever breaches of consumer information, echoing the 2007 theft of data from at least 45.7 million credit and debit cards of shoppers at retailers including T.J. Maxx and Marshalls.

A Target customer prepares to sign a credit card slip.
Getty Images

"Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts," the statement added. "Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident."

Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores, a source who was not authorized to discuss the matter told Reuters.

(Read more: The 12 scams of Christmas)

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," Target chairman, president and CEO Gregg Steinhafel said. "We regret any inconvenience this may cause. We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

Krebs on Security, a blog that first reported the news, said that breach involved nearly all Target outlets in the United States, citing sources at two credit card issuers.

Target said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680.

Target has 1,797 U.S. stores and 124 in Canada.

By Alastair Jamieson of NBC News