Minneapolis - US retail chain Target says about 40m credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear.
The chain said that accounts of customers who made purchases using their cards at its US stores between 27 November and 15 December might have been exposed.
The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards.
The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it was teaming up with a third-party forensics firm to investigate the matter and prevent future breaches. It said it was putting all "appropriate resources" toward the issue.
Target told customers to check their statements carefully.
Target didn't say exactly how the data breach occurred, but said it had since fixed the problem and that credit card holders could continue shopping at its stores.