The Minneapolis-based retailer confirmed on Thursday that it was aware of "unauthorized access" to payment card data that "may have impacted certain guests making credit and debit card purchases in its U.S. stores."
Approximately 40 million credit and debit card accounts may have been affected between Nov. 27 and Dec. 15, 2013, the company disclosed. Purchases made on Target.com or in its Canada stores were not affected, the company said.
"We have determined that the information involved in this incident included customer name, credit or debit card number, and the card's expiration date and CVV (the three-digit security code)," the company said on its Web site Thursday.
Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue, it said. Target provided more information on its Web site.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," Chairman and CEO Gregg Steinhafel said in a statement "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
Target shares were falling 2% to $62.25 on Thursday.
Written by Laurie Kulikowski in New York.