The data from some 40 million transactions at Target stores nationwide was stolen by cybercriminals in the last couple of weeks. As this security blogger first reported, the investigation is underway but it looks like the complete credit card information from every transaction between November 27 and December 15 had been collected by an outside party, via the company's point-of-sale systems.

The breach appears to have been a case of malware either unknowingly installed by a Target employee, or knowingly put there by an accomplice on the inside.

Target as said in a statement that the criminals had accessed customer names, credit or debit card numbers, expiration dates, and three-digit security codes for 40 million customers who had shopped at its stores in that two-and-a-half week span. Great news, right? We were totally there about a week ago.

Per Target:

“We take this matter very seriously and are working with law enforcement to bring those responsible to justice,” Gregg W. Steinhafel, Target’s chairman and chief executive, said in a statement.

Everyone who shopped at a store should be checking over their credit or debit accounts for the foreseeable future, and/or getting new ones issued. It's not yet clear how larger financial institutions may choose to deal with the breach.

[Krebbs On Security via NYT]
[CBS]