Credit and debit card information of many Target customers may have been stolen during the Black Friday weekend, according to reports.
The thieves got access to data stored on the magnetic stripe on the back of the credit and debit cards through card swiping devices that could have been tampered with at the retailer's stores, reported the Wall Street Journal on Wednesday, citing people familiar with the matter.
The data on the stripe could be used to make counterfeit cards. If the thieves also intercepted PIN (personal identification number) data for debit transactions, they "would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs," wrote security news writer Brian Krebs.
Target did not immediately respond to a request for comment.
Millions of cardholders could be vulnerable as a result of the breach that is believed to have affected about 40,000 card devices at store registers, the Journal said, citing people familiar with the incident. The breach extends to nearly all Target locations in the U.S., said Krebs, who quoted unnamed sources at two of the top 10 credit card issuers.
Krebs reported that it was initially thought that the breach extended from just after Thanksgiving 2013 to Dec. 6. But investigators found evidence that the breach lasted longer, possibly as far as Dec. 15, he reported, citing two unnamed sources.
The Secret Service is investigating the breach but would not discuss details of an ongoing investigation , a spokesman told the Wall Street Journal.
A breach of credit card information was reported last year by Global Payments. The payments processing services company said information on up to 1.5 million card numbers may have been "exported" as a result of an unauthorized access into its processing system.
John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com