Retailer Target is investigating a massive data breach that may have affected the card data of millions of bank customers, according to security blogger Brian Krebs. The breach of credit and debit card records is said to have begun on or around Black Friday 2013, the day after Thanksgiving.

Krebs cites anonymous sources at two top 10 credit card issuers. "The breach extends to nearly all Target locations nationwide, and involves the theft of data stored on the magnetic stripe of cards used at the stores," he writes.

Minneapolis, Minn. based Target Brands Inc. has not responded to multiple requests for comment, nor have representatives from MasterCard and Visa.

The type of data said to be stolen — also known as "track data" — includes customers' names, card account numbers and expiration dates.

According to Krebs, the card data is thought to have been vulnerable from just after Thanksgiving to possibly December 15.

"There are no indications at this time that the breach affected customers who shopped at Target's online stores," Krebs writes. That makes it likely that the thieves created counterfeit cards for use at the store's registers and ATMs.

 

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry