The discount retailer Target issued an apology Thursday and said it was working with a forensics firm to investigate a security breach that may have compromised the personal data of 40 million customers.
The unauthorized access may affect shoppers who made credit or debit card purchases at Target’s U.S. stores between Nov. 27 and Dec. 15, 2013, according to a statement released by the retailer.
Hackers reportedly stole information including customer names, card numbers, expiration dates CVVs (three-digit codes).
Related: What do to if you think you could be a victim of Target data breach
Target, which operates 1,797 stores nationwide, said it was partnering with the forensics firm to conduct an investigation and prevent a similar breach from happening again.
“Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts,” the statement said.
The Secret Service was investigating the incident, spokesman Brian Leary confirmed on Wednesday.
Meanwhile, in its detailed statement, Target urged customers who made card purchases at the stores during the affected period to examine their bank and credit card statements carefully.
At a Target location in West Hollywood, shoppers reacted to news of the data theft.
“I just deal with cash now. That’s the safest way to go about shopping, for me anyway,” said Alex Gonzalez.
Target told customers who have been victims of fraud related to the security breach to call their banks and the Minneapolis-based chain at 866-852-8680.
Target also recommended reporting identity theft to the Federal Trade Commission on the FTC website or at 877-438-4338.
The CNNMoney staff contributed to this report.