Forty million people who used their credit or debit cards at Target stores across the country had personal and financial information stolen in a giant security breach that occurred during the year's busiest shopping season, the retailer said.
Target said hackers had stolen customer names, card numbers, and the cards' expiration dates and three-digit security codes for 40 million customers who had shopped at its stores from the day before Thanksgiving to Dec. 15.
The company did not reveal what caused the breach, which affected customers who shopped at the company's more than 1,000 stores. (The breach did not affect online shoppers.)
Cybersecurity experts, however, examining the breach for ABC News said it represented a large-scale attack on what should have been the company's most secure servers.
"Any investigation will look at the systems that collect and store data" taken from each transaction at tens of thousands of store registers, said William Pelgrin, the CEO of the Center for Internet Security.
Pelgrin said the hackers - or potentially even a single individual - could have used malware, a viruslike software that mops up data, or exploited "backdoors," loopholes in the company's security net.
Brian Krebs, who first broke the story for KrebsOnSecurity.com Wednesday, told ABC News that enough information was stolen that thieves could create forged physical cards that would work at stores and in ATM machines.
"The information that's stored on the magnetic strip - name, card number, expiration date, other info - if bad guys can steal that card … they can actually create a second copy," Krebs said.
Customers who may have been affected should pay extra attention to their debit and credit card statements, said Krebs.
"Advice to customers - be vigilant, pay attention to your statement if something doesn't look right," Krebs cautioned. "Whether or not you feel like you might be impacted by this breach, it's a really good idea, particularly around this time of year, to pay attention to what's on your debit and credit card statements."