Target, the second-largest U.S. discount chain, said data for about 40 million debit and credit cards may have been wrongfully accessed in recent weeks and that law enforcement is investigating the matter.
The data was breached between Nov. 27 and Dec. 15, the Minneapolis-based company said in statement. Target said it alerted authorities and financial institutions immediately and has now identified and resolved the issue. The U.S. Secret Service said yesterday that it was probing the incident.
Target, which has 1,797 stores in the U.S. and 124 in Canada, had its data compromised during the crucial year-end shopping period for the retail sector. U.S. retail sales rose 2% for the week ended Dec. 14 as seasonal shopping accelerated, according to the International Council of Shopping Centers.Target said it's working closely with law enforcement to bring those responsible to justice.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," Gregg Steinhafel, chief executive officer of Target, said in the statement.
Brian Leary, a spokesman for the Secret Service in Washington, confirmed the agency is probing the matter while declining to comment further because the investigation is under way.
Data breaches have hit other retailers. TJX Cos., owner of the T.J. Maxx and HomeGoods chains, reported in 2007 that hackers broke into its computer system and stole about 45.7 million credit- and debit-card numbers. The theft set a record at the time for such breaches.
In July, four Russians and a Ukrainian were charged in what prosecutors called the largest hacking scheme in U.S. history, a break-in to computers of retail chains that included 7-Eleven, Carrefour and Wet Seal.
KrebsOnSecurity, a blog written by Brian Krebs, a former Washington Post reporter, first reported that Target was investigating a breach potentially involving millions of customer card records, citing sources at two credit-card issuers.
~ Bloomberg News ~