Target says anyone who made purchases by swiping cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed.
The stolen information included Target store brand cards and major card brands such as Visa and MasterCard.
The data breach did not affect online purchases, the company said.
Here are some answers to the most common questions about the theft:
Question: I shopped at Target during that time. What should I do?
Answer: Check your credit card statements carefully. If you see suspicious charges, report the activity to your credit card companies, and call Target at 866-852-8680. You can report cases of identity theft to law enforcement or to the Federal Trade Commission.
You can get additional information about identity theft on the FTC's website at www.consumer.gov/idtheft or by calling the FTC at 877-438-4338 (877-IDTHEFT).
Q: How did the breach occur?
A: Target isn't saying. Industry experts note that companies such as Target spend millions of dollars each year on credit card security, making a theft of this magnitude particularly alarming.
Avivah Litan, a security analyst with Gartner Research, says that given all the security, she believes the breach may have been an inside job.
Q: Why is the Secret Service investigating?