Target (NYSE:TGT) prepared for the kickoff to the lucrative holiday shopping season for months, but nothing could have prepared the retailer for this. According to Reuters, Target alerted customers on Thursday that data from about 40 million credit and debit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday season, starting on the day before Thanksgiving.
The retailer said that it identified and resolved the issue on Sunday, and an investigation is currently underway. Following the announcement, Target’s shares fell as much as 3.2 percent before the opening of trading on Thursday.
According to Target’s alert, the data theft took place over a 19-day period that stretched from November 27 to December 15, three of Target’s busiest shopping weeks of the year. Target told customers that criminals had stolen customer names, payment card numbers, expiration dates, and their CVV security codes. Per Reuters, Krebs on Security, a security industry blog, reported that the breach affected nearly all of the retailer’s 1,797 stores in the United States.
Reuters reports that investigators believe the attackers involved in the crime employed software that can be installed on point-of-sales terminals used to swipe magnetic strips on payment cards. Investigators are still unsure how the attackers could have accessed the point-of-sales terminals at so many Target locations.