The US Secret Service is investigating a massive data card breach at Target retail stores across the United States.
Target has confirmed that approximately 40 million credit and debit card accounts may have been impacted over a two-week period beginning on Black Friday, the busiest shopping day of the year.
Gregg Steinhafel, Target chairman, president and chief executive officer, says: "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."
The breach was first reported by security blogger Brian Krebs, who cites sources at two of the top ten credit card issuers in the US.
The breach may extend to "nearly all Target locations nationwide", and involves the theft of data stored on the magnetic stripe of cards used at the stores.
Using the stolen track data, crooks can create counterfeit cards by encoding the information onto any card with a magnetic stripe. "If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs," writes Krebs.
The crooks behind the scam have already started selling the haul on underground forums, with the price for the freshest card account data running at about $44 apiece.