U.S. retailer Target quite literally has a target painted on itself, and it's one that attackers are now confirmed to have hit in one of the largest data breaches on record.
Target admitted today that approximately 40 million credit and debit card accounts are at risk from the breach. The affected accounts were compromised between Nov. 27 and Dec. 15, over the crucial Black Friday and Christmas holiday shopping period.
Though full details on the breach have not yet been made public, Target has confirmed that the data breach affects customers that shopped in physical Target stores in the United States. Target also has an online store as well as operations in Canada, though the company has not confirmed that those operations were impacted by the breach.
The data that the attackers were able to obtain includes customer names, the debit/credit card number, card expiration date as well as the three-digit Card Verification Value (CVV).
Target has also stated that the issue has been resolved at this point and the company is working with financial institutions and law-enforcement agencies.
"Target’s first priority is preserving the trust of our guests, and we have moved swiftly to address this issue, so guests can shop with confidence," Gregg Steinhafel, Target chairman, president and CEO, said in a statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
In an open letter published by Target today to its customers, the company provides a number of recommendations on what potential victims of the breach should do. Target recommends that retail customers should review their credit card account statements as well as monitor credit reports. Target advises retail customers to report any suspicious or unusual credit card activity to their financial institution.
Target also suggests that customers visit the U.S. Federal Trade Commission (FTC)'s ID Theft website at www.consumer.gov/idtheft for additional information and tips.
The Target breach is likely the largest breach of a U.S. retailer since at least 2006 when TJX reported a data breach affecting 46 million of its customers. A year after the TJX breach was first reported, the scope of the TJX breach widened, and as many a 96 million consumers were impacted.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.