MINNEAPOLIS – Target says about 40 million credit and debit card accounts may have been affected by a data breach linked to recent purchases in its U.S. stores.
The chain said Thursday that the accounts may have been impacted between Nov. 27 and Dec. 15.
That includes the busy Black Friday shopping period surrounding the U.S. Thanksgiving holiday, which was on Nov. 28.
The discount retailer didn’t specify where the affected stores were located except that they were all in the United States and none of its Canadian stores were involved.
Target Corp. said that customers who made purchases at its U.S. stores during the affected period and who suspect unauthorized activity should call 866-852-8680.
Company spokeswoman Molly Snyder said customers who shopped at Target’s U.S. stores during the should “keep an eye on their credit card accounts for any potentially fraudlent activity.”
Snyder said the company is releasing few details, citing security issues and an ongoing police investigation.
“What I can tell you is we were able to identify an unauthorized access. When we did that, we were able to take immediate steps to eliminate it and the issue has now been resolved,” Snyder said
The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, Target’s chairman, president and chief executive officer.
“We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Target has 1,797 U.S. stores and 124 in Canada.
The company has only been operating stores in Canada since March, when it began a long-planned national rollout in southern Ontario.
Target is just the latest retailer to be hit with a data breach problem. TJX Cos., which runs stores such as T.J. Maxx, Marshall’s and Winners, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn’t detected until December 2006.
In June 2009 TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.