Target: Data breach may involve 40 million accountsPosted: Updated:
The Secret Service said it's investigating a massive credit and debit card data theft at Target stores across the country that might involve tens of millions accounts.
Secret Service spokesman Brian Leary confirmed the agency was investigating, but declined to provide details.
The Minneapolis-based Target Corp. on Thursday morning said as many as 40 million accounts might have been impacted by the data breach between Nov. 27 and Dec. 15.
"We began investigating the incident as soon as we learned of it," Target said on its website. "We have determined that the information involved in this incident included customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code).
"We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future. Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts. "
Target said shoppers should check accounts for any suspicious or unusual activity and if something appears fraudulent, REDcard holders should contact target and others should contact their respective banks.
A MasterCard representative referred questions to Target.
"I think they should at least tell the customers, 'Hey, this happened,'" said Phoenix-area Target shopper Pauline Arce.
Blogger Brian Krebs broke the news on his website, stating reliable sources told him Target is investigating a data breach potentially involving millions of customer credit and debit card records.
"I'm surprised to hear it from someone other than the company," shopper Melissa Ross said.
Krebs said the breach began on or around Black Friday and continued through Dec. 6, possibly as late as the Dec. 15 at Target stores nationwide.
Krebs said thieves can use stolen data from credit and debit cards, collected through point of sale machines, to create counterfeit cards.
If PIN numbers were used, they could reproduce stolen debit cards and withdraw cash from ATMs.
Krebs said it does not appear customers who used Target's website were affected by this breach.
Target has 1,797 stores in the U.S. and 124 in Canada.
Target Corp. said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680.
Copyright 2013 CBS 5 (KPHO Broadcasting Corporation). All rights reserved. The Associated Press contributed to this report.