Retail giant Target has confirmed reports that the card machines in its stores had been hacked, potentially exposing the credit and debit card data of 40 million customers.
The hack took place between Nov. 27 and Dec. 15 in its 1,797 stores in the United States, according to Target, which said online sales were not impacted.
Information potentially accessed includes customer names, card numbers, card expiration dates and three-digit security codes — enough to make unauthorized purchases in some cases.
The computer security blog KrebsOnSecurity first reported the hack, citing unnamed sources.
Update: State Attorney General George Jepsen and state Department of Consumer Protection Commissioner William Rubenstein released a statement warning state residents who shop at Target to monitor their account transactions and credit reports and to change pin numbers.
Unauthorized card activity should be reported both to customers’ banks and to Target at 866-852-8680. Victims should also report such activity to the police.
“We are only beginning to understand the implications of this massive, nationwide data breach and the impact it will have on Connecticut consumers,” Jepsen said.
Jepsen has asked Target for more information on the breach.
