Consumers who shopped at Target stores between November 27 and December 15 -- right in the thick of the high-volume holiday shopping season -- should check their credit card statements for any unusual activity.
On Thursday, the retail chain acknowledged a hack that obtained the names, credit or debit card numbers, expiration dates, and three-digit security codes of store customers who purchased items over the past few weeks, including the Black Friday weekend. Around 40 million credit and debit card accounts may have been affected by the attack.
The issue that let the hacker gain access to customer data has been identified and resolved, according to Target. The company said that it's working with law enforcement officials to track down those responsible for the attack and has hired a third-party forensic team to investigate the incident.
In an FAQ to customers potentially affected, Target explained that the data breach is a concern for those who made purchases at a Target store in the US between November 27 and December 15. People who bought items through Target's Web site or at a retail store in Canada are safe, according to the company. Target Redcard holders who suspect a fraudulent charge on their card should contact Target; other customers should call their bank, Target advised.
The hack comes at an especially bad time as retailers like Target count heavily on holiday sales. In an attempt to calm concerned customers, the company said that people can continue to use their credit and debit cards to shop at Target.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," Target Chairman and CEO Gregg Steinhafel said in a statement. "We regret any inconvenience this may cause. We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
A spokesperson for Visa also tried to calm the waters by noting that a breached account doesn't necessarily result in a fraudulent purchase.
"When such incidents occur, Visa works with the breached entity to provide card issuers with the compromised accounts so they can take steps to protect consumers through fraud monitoring and, if needed, reissuing cards," the Visa spokesperson told CNET. "Because of advanced fraud-monitoring capabilities, the incidence of fraud involving compromised accounts is actually rare, and Visa fraud rates remain near historic lows."
Still, Visa advises cardholders to monitor their accounts and review their credit card statements.
Update, 11:05 a.m. Added comments from Visa.