US RETAILER Target has confirmed that 40 million customer credit and debit card details may have fallen into the wrong hands.
The firm said today that it is "aware" of unauthorised access to payment card data, saying that it "may" have impacted shoppers. As part of its clean-up operation it is working with the law, and financial institutions.
It says that it has already identified and resolved the issue, and explained that its "first priority" is keeping the faith of its customers.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, chairman, president and chief executive officer of Target.
"We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
The firm added that the 40 million accounts figure is an approximation, and that it is customers who shopped with it between 27 November and 15 December. It is not clear whether the firm is contacting all those people that might be involved, but Target has asked anyone who thinks they might have been affected to reach out to it.
An open letter on Target's website appeals to affected "guests", its name for customers, saying that so far it has worked out that plundered content includes customer name, credit or debit card number, the card's expiration date and three-digit security code.
Target is working with a third-party forensics team on its clean-up and investigations, and said customers should keep their eyes open for wandering money.
"You should remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and monitoring free credit reports," it added. "If you discover any suspicious or unusual activity on your accounts or suspect fraud, be sure to report it immediately to your financial institutions. We want to stress that we regret any inconvenience or concern this incident may cause you." µ