A potential data breach affecting Target customers has affected up to 40 million credit and debit card accounts, the retailer said Thursday. The data breach is so massive that the Secret Service is being tasked with investigating, USA Today reports.
The potential data breach is thought to have started on Nov. 27, the day before Thanksgiving, and lasted until Dec. 15, through the holiday shopping rush and during some of the busiest shopping days of the year. Target said in a statement that there was “unauthorized access” to payment card data during the time period but is quick to note that the issue “has been identified and resolved.
According to the site Krebs on Security, which is run by security expert and former Washington Post reporter Brian Krebs, the breach extends to nearly all 1,800 Target stores across the U.S.
On Wednesday night, the Secret Service confirmed that it is investigating the incident, but had not further comment because it is an ongoing investigation. According to Krebs, the potential security breach does not appear to involve online purchases, but that the data stolen could potentially allow thieves to create counterfeit cards.