Target reveals data breach that affected 40M cards

The breach may affect anyone who made an in-store purchase between Nov 27-Dec 15

For those of you who avoided the Black Friday chaos and chose instead to stay home, drink spiked eggnog, and watch Christmas episodes of "Murder She Wrote," congratulations. Your card probably wasn’t targeted in a massive credit and debit card hacking scheme that stole data from some 40 million cards swiped at Target stores earlier this month.

Target confirmed early Thursday morning that a data breach may have affected some 40 million cards swiped between November 27 and December 15. Target is running a banner on its website alerting customers to the data breach.

Interestingly, the breach only affects customers who made in-store purchases during that time frame, not those who made purchases online, which means the breach was the result of hacking the actual credit card readers. The data that may be affected includes names, card numbers, expiration dates, and CVV codes. So basically everything.

Target says it’s working with a third-party forensics firm to investigate the incident and prevent future attacks. It also alerted authorities and financial institutions to let them know about the breach.

Target has 1,797 stores in the U.S. and 124 stores in Canada. The company posted a profit of $1.6 billion in $51 billion in sales in the first nine months of 2013. Target expects to see a full-year EPS of $3.52.

Naturally, Thanksgiving weekend and Black Friday in particular happen to be the busiest shopping days of the year. While total dollars spent actually declined this year, more people were out shopping. More than 141 million unique shoppers were out shopping on Thanksgiving weekend, up from 139 million last year, according to the National Retail Federation. How many of those shoppers stopped by Target? The company said last month that “guests shopped Target in unprecedented numbers.”

Sales and traffic on Target.com were among the highest ever seen in a single day, and the company said that in the early morning hours, immediately after the doorbuster deals became available, Target.com saw twice as many orders as last year.

This wouldn’t be the first time a major retailer has been hit with a credit card data breach. Back in 2007, some 90 million credit cards belonging to people who shopped at TJ Maxx, HomeGoods, and other TJX-owned stores were compromised.

And earlier this year, it was revealed that several groups of thieves had stolen some 160 million credit and debit card numbers from companies like J.C. Penney, JetBlue, 7-Eleven, and others.

Back in 2011, hackers from the group Anonymous boasted of having stolen 90,000 credit cards from journalists, the intelligence community, and "Whitehats" to donate over $1 million to charity. 

“Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause. The privacy and protection of our guests’ information is a matter we take very seriously and we have worked swiftly to resolve the incident,” Target said in a statement.