Target is grappling with a data-security nightmare that threatens to drive off holiday shoppers during the company's busiest time of year.
The nation's second-largest discounter said Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.
The data theft marks the second-largest credit-card breach in the United States after retailer TJX Cos. announced in 2007 that at least 45.7 million credit- and debit-card users were exposed to credit-card fraud.
Target's acknowledgment came a day after news reports surfaced that the discounter was investigating a breach.
The chain said customers who made purchases by swiping their cards at terminals in its U.S. stores between Nov. 27 and Dec. 15 may have had their accounts exposed.
The stolen information included Target store brand cards and major card brands such as Visa and MasterCard.
The Minneapolis company, which has 1,797 stores in the United States and 124 in Canada, said it immediately told authorities and financial institutions once it became aware of the breach Sunday. The company is teaming with a third-party forensics firm to investigate and prevent future breaches.
The breach is the latest in a series of technology crises for Target. The company faced tough criticism in late 2011 after it drummed up hype around its offerings from Italian designer Missoni, only to see its website crash. The site was down most of the day the designer's collection launched. The company angered customers further with numerous online delays for products and even order cancellations.
But the credit card breach poses an even more serious problem for Target and threatens to scare away shoppers who worry about the safety of their personal data.
"A data breach is of itself a huge reputational issue," said Jeremy Robinson-Leon, a principal at Group Gordon, a corporate and crisis public relations firm. He noted that Target needed to send the message that it was rectifying the problem and working with customers to answer questions.
"This is close to the worst time to have it happen," Robinson-Leon said.