Target has confirmed a credit and debit card hack potentially affecting up to 40m customers shopping in its US stores, with the stolen data including everything thieves could need to make fraudulent purchases. The hack, rumored earlier today, impacts any shoppers at Target's stores between November 27th and December 15th this year the retailer says, as it kicks off an investigation into the breach.
The hack is particularly notable given the extent of the data from each card that has been taken. According to Target, that includes customer name, credit or debit card number, the expiration date, and the CVV (the three-digit security code on the back).
Exactly how the breach took place is unclear at this stage. Target says it is working with "a leading" forensics firm to examine the cause of the issue, in addition to figuring out what additional security may be needed in order to prevent similar hacks in future.
The retailer also notified both the authorities of the theft, and financial institutions, and has fixed the hole so that purchases since December 15th are secure.
For those potentially affected, Target recommends they monitor their credit and debit card accounts for signs of fraudulent activity. Those with REDcards should contact Target directly if something appears to be amiss; others should contact their banks directly.
It's also suggested that possible victims should obtain a credit report at some point in the near future, and possibly add a fraud alert to their report in case those responsible for the hack try to use accounts to secure new credit.
However, unlike initial rumors, the issue is said to only have affected stores in the US. Those in Canada, and Target's online store, were not impacted.