Target Corp. is investigating a report of a nation-wide customer data breach.
Columnist Brian Krebs on his website Krebsonsecurity reports the breach involved magnetic stripe "track data" containing private customer information.
The data allow thieves to create counterfeit cards, and if PIN numbers for debit cards were also intercepted those phony cards could be used to withdraw cash from ATMs.
Krebs says the breach appears to have begun around Black Friday and could have lasted through Dec. 15.
Minneapolis-based Target has not yet confirmed the report, but Marina Norville, a spokesperson for American Express did, according to the Star Tribune. Norville said the company is just learning about the breach and is working with Target on it.
Krebs reports the breach extends to nearly all Target locations nationwide.
He says it's not clear how many cards thieves may have stolen, but Krebs cites sources saying it could be a million or more. He adds that there are no indications at this time the breach affected customers who shopped at Target's online stores.
Twin Cities retail analyst Jim McComb told the Pioneer Press, "Presuming this is all true, it's probably one of the most serious things you can have happen, because it affects not only your store operations, it affects the lives and financial security of your customers."
McComb added the big worry is about any stolen data, but there's also the hassle of losing access to a credit or debit card during the busiest shopping week of the year.
Krebs advises consumers to carefully watch their credit card statements for bogus charges. He says they should notify the bank that issued their cards in order to prevent being liable for any fraud.
The New York Times reports the Secret Service is investigating the breach. A similar breach affected customers at 63 Barnes & Noble stores last year.