Target released a statement this morning acknowledging that it was hit by a massive card data breach between Nov. 27 and Dec. 15. According to the statement, data that may have been compromised includes customer name, credit or debit card number, expiration date and three-digit security code.
Security blog Krebs on Security first reported the possibility of a breach on Dec. 13, when details were still murky and the breach was believed to have ended on Dec. 6. But Target's statement this morning both confirms the theft and widens the window. As many as 40 million credit and debit accounts may be impacted.
From the Krebs blog:
It's not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million of cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that "when all is said and done, this one will put its mark up there with some of the largest retail breaches to date."
Stay tuned for updates as details emerge.
Read more about retail payments.