Via Washington Post:
Retailer Target revealed Thursday that 40 million of its customers’ credit and debit card accounts may have been revealed to cyber-criminals who gained unauthorized access to the store’s payment card data.
The company said the customer names, debit or credit card numbers, card expiration dates were taken, along with the three-digit security codes often imprinted on the backs of cards, known as CVVs. With that information, it would be easy for criminals to ring up purchases at most Web sites.
The company said it immediately notified law enforcement authorities and financial institutions after discovering the breach, though this is its first notice to customers.
The breach affected those shopping at the height of the holiday shopping season, Target said, between Nov. 27 and Dec. 15. Consumers and companies are at particularly high-risk for data breaches during the holidays, as the increased volume of transactions can mask other irregularities that can tip companies off to a problem.