US retailer Target has revealed it has been the subject of a massive data breach in which some 40m credit and debit card details may have been compromised.
About 40m credit and debit card accounts may have been impacted between 27 November and 15 December.
The company said it is working closely with US law-enforcement agencies and financial institutions and has identified and resolved the issue.
It is also working with a third-party forensics firm to conduct a thorough study of the incident.
“We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target.
“We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
It is understood that the breach has affected every branch of Target across the US and involves the theft of data stored on the magnetic strip of cards used within its stores.
Such data, along with PIN data if accessed by the thieves, may allow data thieves to create counterfeit debit and credit cards.
This latest breach is believed to be the biggest retail data breach in the US, since TJX saw more than 45m credit and debit card details stolen by thieves using its wireless networks in 2007 and malware was used to steal 130m credit and debit card details from Heartland Payment Systems in 2009.