Target Data From 40 Million Customers Stolen In Security Breach

The credit and debit card data of nearly 40 million of Target's customers has been stolen, the company said Thursday. It is the second largest instance of data theft at a U.S. retailer, Reuters reported.

The theft occurred over a period of three weeks during the holiday season, from the day before Thanksgiving to when Target stopped the breach on Dec. 15. Customer information was stolen from almost all of Target's 1,797 stores, reported Krebs on Security, a security industry blog that broke the story on Wednesday.

Target confirmed the transgression the next day on its website.

"On December 15, we were able to identify an unauthorized access and we were able at that time to resolve the issue," Target spokeswoman Molly Snyder told Reuters.

Target told its customers to check their credit and debit accounts for anything suspicious.

"We take this matter very seriously and we are working with law enforcement to bring those responsible to justice," said Gregg. W. Steinhafel, Target's chairman and chief executive in a statement, The New York Times reported.

Krebs on Security said authorities believe the hackers were able to infiltrate Target's security by installing software at point-of-sales terminals used for swiping the magnetic strips on credit and debit cards.

The hackers then took customers' names, card numbers, expiration dates and security codes, Reuters reported.

The largest security breach at a U.S. retailer hit TJX Companies Inc., in March 2007. TJX, which owns retail chains T.J. Maxx and Marshalls, had 45.7 million of its customers' data stolen over a period of 18 months. The Target breach was more aggressive because millions were affected in less than a month, Reuters reported.

Though Target was able to resolve the matter, investigators don't know yet how the attackers were able to compromise so many of the company's stores.

"It is very clear it is a sophisticated crime," Snyder told Reuters.

Real Time Analytics