A breach of credit and debit card data at discount retailer Target may have affected as many as 40 million shoppers who went to the store in the three weeks after Thanksgiving, the retailer said Thursday.
Target said cards used at the brick-and-mortar stores between Nov. 27 and Dec. 15, 2013, may have been impacted.
Late Wednesday, the Secret Service, which is charged with safeguarding the nation's financial infrastructure and payment systems, confirmed it was investigating the breach.
Spokesman Brian Leary declined further comment.
The breach first came to light via a report from respected security researcher Brian Krebs, who said Target had suffered a data breach around the time of Black Friday last month "potentially involving millions of customer credit and debit card records."
4 things to do after your credit card has been hacked
If you've visited a Target over the past several weeks, there are a four steps you should take immediately to protect yourself.
1) Check your statement. It may seem obvious, but the first step you should take is looking for any charges you don't recognize on your statement.
Don't just look for large charges, either. Hackers often ping an account with micropayments of only a few cents to check the viability of the account. So if you see purchases of 6 cents or 11 cents, that could be a sign your information has been compromised.
2) Call your credit card company, bank and Target. Credit card companies generally offer customers fraud monitoring services at no cost, and customers aren't on the hook for any fraudulent charges. Typically, the card issuer or the merchant is responsible for those costs.
But don't wait for your card company or bank to call you. Let them know you've shopped at Target recently. All you have to do is call the number on the back of your card.
Target has also set up a phone line for customers who suspect there has been unauthorized activity on their accounts. Shoppers can call 866-852-8680.
3) Replace your credit card, change your PIN. If the bank didn't already do this for you, do it yourself. This will put an end to any more fake charges.
Once you receive your replacement card, make sure to update your new card information with any companies that have your account on file for automatic payments or monthly fees, like your Apple iTunes account or cable provider.
4) Sign up for a fraud monitoring service. If you're concerned about credit card theft going forward, LifeLock and other similar threat detection services claim that they can monitor your card activities and alert you when your account has gotten into the wrong hands. Most credit card companies offer similar services for free, but threat detection services say they go above and beyond, including offering protection of credit card information on the Internet and even lost-wallet insurance.