US retail chain Target says about 40 million credit and debit card accounts may be affected by a data breach that occurred just as the holiday shopping season shifted into high gear.
The chain said customers who made purchases by swiping their cards at terminals in its US stores between November 27 and December 15 may have had their accounts exposed. The stolen data includes customer names,credit and debit card numbers,card expiration dates and the three-digit security codes located on the backs of cards.
The data breach did not affect online purchases,the company said.
The stolen information included Target store brand cards and major card brands such as Visa and MasterCard.
The fact this breach can happen with all of their security in place is really alarming, said Avivah Litan,a security analyst with Gartner Research. Litan noted that companies like Target spend millions of dollars each year on credit card security measures. Given the companys heavy security,Litan said she believes the theft may have been an inside job.
Target hasnt disclosed exactly how the data breach occurred,but said it has fixed the problem and credit card holders can continue shopping at its stores.
Targets breach comes at the height of the holiday shopping season and threatens to scare away shoppers worried about the safety of their personal data. The November and December period accounts for 20 percent,on average,of total retail industry sales.