MINNEAPOLIS, Dec. 19 (UPI) -- Big-box U.S. retailer Target confirmed Thursday a data breach may have affected 40 million credit and debit cardholders during the holiday shopping season.
In an open letter to its customers, Target said, "We have identified and resolved the issue of unauthorized access," but cautioned its cardholders to monitor their statements and report any suspected fraudulent activities to authorities.
Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, the company said in a release.
The hackers accessed data stored on the magnetic stripe on the back of the cards, people familiar with the breach told the Wall Street Journal.
"We take this matter very seriously and are working with law enforcement to bring those responsible to justice," said Target Chief Executive Officer Gregg Steinhafel in a statement posted on the company's website.
Target said it alerted authorities and financial institutions as soon as it learned of the unauthorized access and was working with a third-party security vendor to investigate.
"We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future," the company said in an open letter to its cardholders on its website. "Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts."
The retailer, based in Minneapolis, said the breach affected only its U.S. stores, not its online business or Canadian outlets.
Target said it determined the information taken included the customer's name, credit or debit card number, the card's expiration date and the card's three-digit security code.
The Secret Service is investigating the breach, the Journal said. The Secret Service will investigate significant hacks of credit card data as part of its mission to safeguard U.S. financial infrastructure and payment systems.